# SSO connection setup

Adhese can connect to a client's IDP (identity provider) so that the client's employees can log in to Adhese using their own SSO (single sign-on) system.

To connect your company's SSO with Adhese's login system, provide the following information:

- Endpoints from your IDP system 
    - authorization\_url
    - token\_url
    - logout\_url
    - user\_info\_url
    - issuer
    - jwks\_url

<details id="bkmrk-example-authorizatio"><summary>Example</summary>

<table border="1" style="border-collapse: collapse; width: 100%;"><colgroup><col style="width: 18.0466%;"></col><col style="width: 81.9513%;"></col></colgroup><tbody>
<tr><td>authorization_url</td><td>"https://.../am/oauth2/authorize"</td></tr>
<tr><td>token_url</td><td>"https://.../am/oauth2/access_token"</td></tr>
<tr><td>logout_url</td><td>"https://.../am/oauth2/connect/endSession"</td></tr>
<tr><td>user_info_url</td><td>"https://.../am/oauth2/userinfo"</td></tr>
<tr><td>issuer</td><td>"https://.../am/oauth2"</td></tr>
<tr><td>jwks_url</td><td>"https://.../am/oauth2/connect/jwk_uri"</td></tr>
</tbody></table>

</details>

- client\_id
- client\_secret

<p class="callout success">The <code>client_id</code> and <code>client_secret</code> must correspond to the values registered in the customer's IDP.</p>

<p class="callout success">The <code>issuer</code> and <code>jwks_url</code> must be reachable from Adhese services.</p>

Furthermore, roles need to be mapped between your IDP and Adhese. In the example below, the first part (before =) is the role as it could be named in the IDP, and the second part (after =) shows how it can relate to the roles within Adhese.

<details id="bkmrk-example-%22adhese.ad-m"><summary>Example</summary>

<table border="1" style="border-collapse: collapse; width: 100%;"><colgroup><col style="width: 26.2041%;"></col><col style="width: 73.7959%;"></col></colgroup><tbody>
<tr><td>"adhese.ad-master"</td><td>= ["adhese.Self Service Ad Master", "adhese.Creative Master"]</td></tr>
<tr><td>"adhese.read-only"</td><td>= ["adhese.Viewer"]</td></tr>
<tr><td>"adhese.admin"</td><td>= ["adhese.Admin", "admin"]</td></tr>
<tr><td>"adhese.creative-reviewer"</td><td>= ["adhese.Creative Approver"]</td></tr>
</tbody></table>

</details>

If you as a client have multiple instances of Adhese (for example, a testing and a production instance), you can have a separate connection for each instance or use the same mapping for both instances.
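
The role mapping described above can be checked before it is handed over. The following Python sketch is an added example, not Adhese's own code: it assumes the mapping is exchanged as text in the notation of the example table, parses it, resolves a user's IDP roles to Adhese roles so that unmapped roles grant nothing, and lists the IDP roles that lead to an admin role. The function names and the `PRIVILEGED` set are assumptions made for illustration.

```python
import json

# Sample mapping copied from the example table on this page.
SAMPLE_MAPPING = '''
"adhese.ad-master" = ["adhese.Self Service Ad Master", "adhese.Creative Master"]
"adhese.read-only" = ["adhese.Viewer"]
"adhese.admin" = ["adhese.Admin", "admin"]
"adhese.creative-reviewer" = ["adhese.Creative Approver"]
'''

# Assumption: these Adhese roles are the ones treated as privileged in a review.
PRIVILEGED = {"adhese.Admin", "admin"}


def parse_mapping(text):
    """Parse mapping lines into {idp_role: [adhese_roles]}, rejecting bad entries."""
    mapping = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        left, sep, right = line.partition("=")
        if not sep:
            raise ValueError(f"line {lineno}: missing '='")
        idp_role, targets = json.loads(left), json.loads(right)
        ok = isinstance(idp_role, str) and isinstance(targets, list) and targets
        if not ok or not all(isinstance(t, str) and t for t in targets):
            raise ValueError(f'line {lineno}: expected "role" = ["role", ...]')
        if idp_role in mapping:
            raise ValueError(f"line {lineno}: duplicate IDP role {idp_role!r}")
        mapping[idp_role] = targets
    return mapping


def resolve(mapping, idp_roles):
    """Return (granted Adhese roles, unmapped IDP roles); unmapped roles grant nothing."""
    granted, unmapped = set(), []
    for role in idp_roles:
        if role in mapping:  # exact, case-sensitive match only
            granted.update(mapping[role])
        else:
            unmapped.append(role)
    return sorted(granted), unmapped


def privileged_sources(mapping):
    """IDP roles that lead to a privileged Adhese role, for review before sign-off."""
    return sorted(r for r, targets in mapping.items() if PRIVILEGED & set(targets))
```

Running `privileged_sources` over the mapping for each instance shows which IDP groups need the tightest membership control, which matters when the same mapping is reused for testing and production.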