> ## Documentation Index
> Fetch the complete documentation index at: https://docs.coderabbit.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Enterprise SSO

> Set up Enterprise SSO for your CodeRabbit organization with supported identity providers such as Okta and Keycloak.

export const EnterprisePlanBadge = ({tip = "This feature is available exclusively as part of the Enterprise plan. Please refer to our pricing page for more information about our plans and features.", title = "Enterprise Plan", cta = "Read more", href = "https://coderabbit.ai/pricing", disabled = false}) => {
  return <Tooltip tip={tip} cta={cta} href={href}>
        <Badge icon="building-2" disabled={disabled || undefined}>
            {title}
        </Badge>
    </Tooltip>;
};

export const AdminRoleBadge = ({tip = "This feature requires an organization owner, an admin role or the corresponding permission. Regular Members do not have access.", title = "Admin Only", cta = "View roles", href = "/management/roles", disabled = false}) => {
  return <Tooltip tip={tip} cta={cta} href={href}>
        <Badge icon="lock" color="orange" disabled={disabled || undefined}>
            {title}
        </Badge>
    </Tooltip>;
};

<EnterprisePlanBadge />

<AdminRoleBadge tip="This page requires an admin role. Members do not have access to Enterprise SSO settings." />

Enterprise SSO lets your organization manage CodeRabbit access through your existing identity provider. The current setup flow is support-assisted: CodeRabbit provides the service provider values for your tenant, you configure the identity provider, and then CodeRabbit completes the enablement after reviewing your metadata.

Use this section when you want to centralize login for Enterprise users, control access through your identity provider, and roll out sign-in to teams in a managed way. We currently support Okta SAML and Keycloak SAML, with additional providers planned.

## Available guides

<CardGroup cols={1}>
  <Card title="Okta SAML" href="/management/sso/okta-saml" icon="key" horizontal>
    Create an Okta SAML app, collect the required metadata, and send it to CodeRabbit to enable Enterprise SSO.
  </Card>

  <Card title="Keycloak SAML" href="/management/sso/keycloak-saml" icon="key" horizontal>
    Configure a Keycloak SAML client, collect the IdP metadata, and send it to CodeRabbit to enable Enterprise SSO.
  </Card>
</CardGroup>

## Setup flow

<Steps>
  <Step title="Request CodeRabbit service provider values">
    Reach out to your account team to obtain the values your identity provider needs for the SSO application:

    * **Single sign-on URL (ACS URL)**
    * **Audience URI (SP Entity ID)**
  </Step>

  <Step title="Configure your identity provider">
    Create a new SSO application in your identity provider and enter the CodeRabbit service provider values. The provider-specific guide will tell you which fields to populate and how to format the login attributes.
  </Step>

  <Step title="Send your identity provider metadata to CodeRabbit">
    After the application is created, collect your identity provider metadata and send it to CodeRabbit. For SAML-based providers, this typically includes your organization's email domain, Sign-on URL, issuer, and X.509 signing certificate.
  </Step>

  <Step title="Assign users or groups">
    Grant access to the users or groups who should be able to sign in to CodeRabbit. Users cannot complete SSO login until they are assigned to the application in your identity provider.
  </Step>

  <Step title="Validate access">
    After CodeRabbit confirms the configuration is live, test the sign-in flow with an assigned user to make sure authentication succeeds and the expected users can access your organization.
  </Step>
</Steps>

## What's next

<CardGroup cols={1}>
  <Card title="Subscription management" href="/management/billing" icon="user-cog" horizontal>
    Manage billing, plan details, and seat settings as part of your Enterprise rollout.
  </Card>

  <Card title="Roles and permissions" href="/management/roles" icon="shield-check" horizontal>
    Review how CodeRabbit roles work so you can combine SSO with the right access model for your organization.
  </Card>

  <Card title="Support" href="/support" icon="message-circle" horizontal>
    Contact the CodeRabbit team if you need your service provider values or help troubleshooting the rollout.
  </Card>
</CardGroup>