4. Select **Administration** and then **Create App Integration**.
5. Select **SAML 2.0** and then **Next**.
6. Enter "Docker Hub" as your **App Name**.
7. Optional. Upload a logo.
8. Select **Next**.
9. Enter the following values from Docker into their corresponding Okta fields:
   - Docker ACS URL: **Single Sign On URL**
   - Docker Entity ID: **Audience URI (SP Entity ID)**
10. Configure the following settings in Okta:
   - Name ID format: `EmailAddress`
   - Application username: `Email`
   - Update application on: `Create and update`
11. Optional. Add SAML attributes. See [SSO attributes](/manuals/security/for-admins/provisioning/_index.md#sso-attributes) for a table of SSO attributes.
12. Select **Next**.
13. Select the **This is an internal app that we have created** checkbox.
14. Select **Finish**.
{{< /tab >}}
{{< tab name="Entra ID SAML 2.0" >}}
1. Sign in to your Azure AD admin portal.
2. Select **Default Directory** and then **Add**.
3. Choose **Enterprise Application** and select **Create your own application**.
4. Enter "Docker" for application name and select the **non-gallery** option.
5. After the application is created, go to **Single Sign-On** and select **SAML**.
6. Select **Edit** on the **Basic SAML configuration** section.
7. Enter the following values from Docker into their corresponding Azure fields:
   - Docker Entity ID: **Identifier**
   - Docker ACS URL: **Reply URL**
8. Optional. Add SAML attributes. See [SSO attributes](/manuals/security/for-admins/provisioning/_index.md#sso-attributes) for a table of SSO attributes.
9. Save configuration.
10. From the **SAML Signing Certificate** section, download your **Certificate (Base64)**.
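A pre-flight check for the certificate downloaded in the last step, run before it is pasted into Docker's SSO form; the same check applies to an x509 certificate copied from another IdP. This is an added example, not part of Docker's documentation. It assumes the `openssl` CLI is installed, and the function name `check_idp_cert`, the file path argument, and the 30-day threshold are hypothetical.

```shell
# Added example: sanity-check an IdP signing certificate file.
# check_idp_cert FILE [MIN_DAYS]
# Returns 0 if usable, 1 bad BEGIN/END lines, 2 unparseable, 3 expiring soon.
check_idp_cert() {
  cert_file=$1
  min_days=${2:-30}   # assumed threshold, adjust to your rotation policy

  # First and last non-blank lines must be the PEM armor lines,
  # each with exactly five dashes on both sides (CRLF tolerated).
  first=$(tr -d '\r' < "$cert_file" | awk 'NF { print; exit }')
  last=$(tr -d '\r' < "$cert_file" | awk 'NF { l = $0 } END { print l }')
  if [ "$first" != "-----BEGIN CERTIFICATE-----" ] ||
     [ "$last" != "-----END CERTIFICATE-----" ]; then
    echo "missing or malformed BEGIN/END CERTIFICATE lines" >&2
    return 1
  fi

  # The Base64 body must decode to a valid X.509 certificate.
  if ! openssl x509 -in "$cert_file" -noout 2>/dev/null; then
    echo "not a parseable X.509 certificate" >&2
    return 2
  fi

  # Reject a certificate that expires within min_days, so SSO does not
  # break shortly after the connection is configured.
  if ! openssl x509 -in "$cert_file" -noout \
       -checkend $((min_days * 86400)) >/dev/null; then
    echo "certificate expires within $min_days days" >&2
    return 3
  fi

  # Record subject, expiry and SHA-256 fingerprint for the change log.
  openssl x509 -in "$cert_file" -noout -subject -enddate -fingerprint -sha256
}
```

A non-zero return means the file should be downloaded or copied again, or the signing certificate rotated, before continuing.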
{{< /tab >}}
{{< tab name="Azure Connect (OIDC)" >}}
To create an Azure Connect (OIDC) connection, you must create an app registration, create client secrets, and configure API permissions for Docker:
### Create app registration
1. Sign in to your Azure AD admin portal.
2. Select **App Registration** and then **New Registration**.
3. Enter "Docker Hub SSO" or similar for application name.
4. Under **Supported account types**, specify who can use this application or access the app.
5. In the **Redirect URI** section, select **Web** from the drop-down menu and paste the **Redirect URI** value from the Docker console into this field.
6. Select **Register** to register the app.
7. Copy the **Client ID** from the app's overview page. You need this information to continue configuring SSO in Docker.
### Create client secrets
1. Open your app in Azure AD and select **Certificates & secrets**.
2. Select **+ New client secret**.
3. Enter a description for the secret and set how long the secret can be used.
4. Select **Add** to continue.
5. Copy the secret **Value** field. You need this to continue configuring SSO in Docker.
### Configure API permissions
1. Open your app in Azure AD and navigate to your app settings.
2. Select **API permission** and then **Grant admin consent for [your tenant name]**.
3. Select **Yes** to confirm.
4. After confirming, select **Add a permission** and then **Delegated permissions**.
5. Search for `User.Read` and select this option.
6. Select **Add permissions** to confirm.
7. Verify admin consent was granted for each permission by checking the **Status** column.
{{< /tab >}}
{{< /tabs >}}
## Step three: Connect Docker and your IdP
After creating your connection in Docker and your IdP, you can cross-connect them to complete your SSO connection:
{{< tabs >}}
{{< tab name="Okta SAML" >}}
1. Open the app you created in Okta and select **View SAML setup instructions**.
2. Copy the following values from the Okta SAML setup instruction page:
   - **SAML Sign-in URL**
   - **x509 Certificate**

   > [!IMPORTANT]
   >
   > You must copy the entire contents of your **x509 Certificate**,
   > including the `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` lines.

3. Open Docker Hub or the Admin Console. Your SSO configuration page should still be open from Step one of this guide.