1st chunk of `content/manuals/security/for-admins/single-sign-on/connect.md`
---
description: Learn how to complete your single sign-on connection and next steps for enabling SSO.
keywords: configure, sso, docker hub, hub, docker admin, admin, security
title: Create an SSO connection
linkTitle: Connect
---

{{< summary-bar feature_name="SSO" >}}

Creating a single sign-on (SSO) connection requires setting up the connection in Docker first, followed by setting up the connection in your identity provider (IdP). This guide provides steps for setting up your SSO connection in Docker and your IdP.

> [!TIP]
>
> This guide requires copying and pasting values in both Docker and your IdP. To ensure a seamless connection process, complete all the steps in this guide in one session and keep separate browsers open for both Docker and your IdP.

## Prerequisites

Make sure you have completed the following before you begin:

- Your domain is verified
- You have an account set up with an IdP
- You have completed the steps in the [Configure single sign-on](../single-sign-on/configure.md) guide

## Step one: Create an SSO connection in Docker

> [!NOTE]
>
> Before creating an SSO connection in Docker, you must verify at least one domain.

{{< tabs >}}
{{< tab name="Admin Console" >}}

1. Sign in to the [Admin Console](https://admin.docker.com/).
2. Select your organization or company from the **Choose profile** page. Note that when an organization is part of a company, you must select the company and configure the domain for the organization at the company level.
3. Under Security and access, select **SSO and SCIM**.
4. Select **Create Connection** and provide a name for the connection.
5. Select an authentication method, **SAML** or **Azure AD (OIDC)**.
6. Copy the following fields to add to your IdP:
    - Okta SAML: **Entity ID**, **ACS URL**
    - Azure OIDC: **Redirect URL**
7. Keep this window open so you can paste the connection information from your IdP here at the end of this guide.

{{< /tab >}}
{{< tab name="Docker Hub" >}}

{{% include "hub-org-management.md" %}}

1. Sign in to Docker Hub.
2. Select **My Hub** and then your organization from the list.
3. On your organization page, select **Settings** and then **Security**.
4. In the SSO connection table, select **Create Connection** and provide a name for the connection.
5. Select an authentication method, **SAML** or **Azure AD (OIDC)**.
6. Copy the following fields to add to your IdP:
    - Okta SAML: **Entity ID**, **ACS URL**
    - Azure OIDC: **Redirect URL**
7. Keep this window open so you can paste the connection information from your IdP here at the end of this guide.

{{< /tab >}}
{{< /tabs >}}

## Step two: Create an SSO connection in your IdP

The user interface for your IdP may differ slightly from the following steps. Refer to the documentation for your IdP to verify.

{{< tabs >}}
{{< tab name="Okta SAML" >}}

1. Sign in to your Okta account.
2. Select **Admin** to open the Okta Admin portal.
3. From the left-hand navigation, select **Administration**.
4. Select **Administration** and then **Create App Integration**.
5. Select **SAML 2.0** and then **Next**.
6. Enter "Docker Hub" as your **App Name**.
7. Optional. Upload a logo.
8. Select **Next**.
9. Enter the following values from Docker into their corresponding Okta fields:
    - Docker ACS URL: **Single Sign On URL**
    - Docker Entity ID: **Audience URI (SP Entity ID)**
10. Configure the following settings in Okta:
    - Name ID format: `EmailAddress`
    - Application username: `Email`
    - Update application on: `Create and update`
11. Optional. Add SAML attributes. See [SSO attributes](/manuals/security/for-admins/provisioning/_index.md#sso-attributes) for a table of SSO attributes.
12. Select **Next**.
13. Select the **This is an internal app that we have created** checkbox.
14. Select **Finish**.

{{< /tab >}}
{{< tab name="Entra ID SAML 2.0" >}}

1. Sign in to your Azure AD admin portal.
2. Select **Default Directory** and then **Add**.
3. Choose **Enterprise Application** and select **Create your own application**.

Title: Connect: Creating an SSO Connection
Summary
This guide explains how to create a single sign-on (SSO) connection in Docker by setting up the connection in both Docker and your identity provider (IdP). The process involves copying and pasting values between Docker and your IdP. Before starting, ensure your domain is verified, you have an account with an IdP, and you have completed the steps in the Configure single sign-on guide.