---
title: Enterprise SSO | Stainless docs
description: Configure your Stainless Organization to accept sign-ins from identity providers like Google, Okta, or a custom SAML implementation.
---

Enterprise SSO is a paid feature. See our [pricing page](https://stainless.com/pricing) for details.

When you sign up for an enterprise organization, you will have the option to customize how users sign in. This is currently handled manually; just let us know that you’d like to customize SSO, and we will take it from there.

Existing accounts must [contact support](mailto:support@stainless.com) in order to set up or update SSO settings.

In this flow you will be given a link that allows your Organization’s IT or IdP team to configure an authentication provider. Then when users sign up they are automatically added to your Stainless organization with the Editor role, which can be updated by an admin.

Users in the CLI can authenticate just the same, via `stl auth login`.

Note: identities are not linked; users can have two accounts with the same email, if they sign in with GitHub and then using SSO with the same email. But the opposite flow is blocked: if we see a sign-in from GitHub on your enterprise domain, the user will be asked to sign in with SSO instead.

SCIM is not currently supported - contact us if you’d like to use a directory to control member roles and auto provisioning.

SSO is handled by [WorkOS](https://workos.com), our Enterprise Identity Infrastructure Provider. For technical details check their docs on [SAML integration](https://workos.com/docs/integrations/saml) and [SAML security](https://workos.com/docs/sso/saml-security).