# Organization settings Your Organization settings are accessible from the top-right dropdown: ![](https://85223878-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOx0Wo3NZjrQrGQthTy6o%2Fuploads%2Fgit-blob-2df320ac3f743827b97ee1785acbab7214da92f9%2FCapture%20d%E2%80%99e%CC%81cran%202021-10-13%20a%CC%80%2011.11.27.png?alt=media) ### Overview tab The overview tab gathers the basic settings of your Organization: here you'll be able to edit * its name * its logo or delete it **permanently**. ![](https://85223878-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOx0Wo3NZjrQrGQthTy6o%2Fuploads%2Fgit-blob-abfbe82b3f6808c8b1a5ff3ea42e6efc4df69284%2Fimage.png?alt=media) ### Owners tab In this tab you can manage your Organization Owners. Owners are simply users who **have access to the Organization settings**. ![](https://85223878-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOx0Wo3NZjrQrGQthTy6o%2Fuploads%2Fgit-blob-bba5ea4749f932e36414341a4fd5a334d18b9529%2Fimage.png?alt=media) {% hint style="warning" %} A user must belong to at least 1 project of the Organization to be invited as an Owner and will be **automatically added as Admin** on all projects of the Organization {% endhint %} ### Security tab {% hint style="info" %} You need to be on a [Forest Admin Enterprise plan](https://www.forestadmin.com/pricing) to have access to this feature.*You need a least one project within this organization with this plan to gain access to this feature* {% endhint %} This tab gathers all security options of your Organization. For now you can only configure Single Sign-On (SSO). ![](https://85223878-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOx0Wo3NZjrQrGQthTy6o%2Fuploads%2Fgit-blob-ac9ed6d1d0df3d4e92aa21f5697df1b9e6fa553b%2Forganization-settings-security.png?alt=media) ### Configuring SSO {% hint style="info" %} We are supporting the SAML 2.0 specifications, you can use all the main Identity Providers. For instance, the following platforms have been tested and documented: [**Okta**](https://docs.forestadmin.com/user-guide/project-settings/organizations/organization-settings/sso-with-okta), [**OneLogin**](https://docs.forestadmin.com/user-guide/project-settings/organizations/organization-settings/sso-with-one-login), [**Google**](https://docs.forestadmin.com/user-guide/project-settings/organizations/organization-settings/sso-with-google), [**Azure Active Directory**](https://docs.forestadmin.com/user-guide/project-settings/organizations/organization-settings/sso-with-azure) and [**AWS IAM**](https://docs.forestadmin.com/user-guide/project-settings/organizations/organization-settings/sso-with-aws) IdPs. {% endhint %} #### Requirements To configure SSO for your organization, you must: * Be an [organization owner](#owners-tab). * Have access to your Identity Provider. #### Configure your Identity Provider You'll first need to **declare Forest Admin in your Identity Provider** using the information in the grey panel: ![](https://85223878-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOx0Wo3NZjrQrGQthTy6o%2Fuploads%2Fgit-blob-a44fcf437e03c4ef5711e8fdaf4e0705b3b58a3c%2Forganization-settings-sso-1.png?alt=media) | Setting | Description | Value | | ----------------------------------------------- | ----------------------------------------------------------------------------- | ----------------------------------------------------------------------------- | | Callback URL (Assertion Consumer Service URL)\* | Assertion Consumer Service URL is responsible for receiving the SAML response | `https://api.forestadmin.com/api/saml/callback` | | Sign on URL\* | Sign on URL | `https://api.forestadmin.com/api/saml/callback` | | Logout URL | Redirected to this location after logout | `https://app.forestadmin.com/login` (⚠️ Or your custom domain if you use one) | | Audience (EntityID) | Named SP Entity ID in Forest Admin | *Value is displayed in the Forest Admin settings* | #### Configure Forest Admin with the Identity Provider Metadata **XML file upload or XML file endpoint (Recommended)** {% hint style="warning" %} We highly recommend to use this option, most especially the one where you provide the metadata file using an url. This allows automatic certificate update without service interruption. {% endhint %} Either upload a file containing the authentication information (you'll be able to generate this file in your Identify Provider) or input the endpoint at which such a file is available (some IPs provide this). ![](https://85223878-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOx0Wo3NZjrQrGQthTy6o%2Fuploads%2Fgit-blob-6cf8b7b0082a3839aea74d7685188059264c8895%2Fimage.png?alt=media) **Manual input** You may also enter your authentication information manually. You'll need to provide: * a **Login endpoint** * a **Logout endpoint** * and finally a **Valid certificate** ![](https://85223878-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOx0Wo3NZjrQrGQthTy6o%2Fuploads%2Fgit-blob-cac42e30a5b762f7395b254e6840c40fa6ebda4a%2Fimage.png?alt=media) Click on Test configuration to try to authenticate. #### Enables it for all the users If it works, you're all set but you will still need to enable that new SSO authentication method: ![](https://85223878-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOx0Wo3NZjrQrGQthTy6o%2Fuploads%2Fgit-blob-5dfd5e2a01f000bb9c5917a1b2df75fc9138f10d%2Fimage.png?alt=media) {% hint style="danger" %} After enabling SSO, all users will be required to [log in](https://docs.forestadmin.com/user-guide/project-settings/organizations/..#how-to-log-in-using-single-sign-on-sso) again. {% endhint %} #### Identity Provider-initiated login (Optional) Once you have enabled SSO, you have the option to enable **IdP-initiated login**: this will allow your users to be automatically logged in when they come to Forest Admin from your identity provider dashboard. ![](https://85223878-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FOx0Wo3NZjrQrGQthTy6o%2Fuploads%2Fgit-blob-d55009f3862b289c24ee616d7496db79fca071db%2Fimage.png?alt=media) To set it up properly, you will need to set a default **Relay state** on your identity provider following this format (*or URL encoded depending on the IdP*): ```javascript { "organizationName": "OrganizationName", "destinationUrl": "organization.projects" } ``` #### Troubleshooting Check the steps below this if you encounter an issue: * Double check all information (endpoints, certificate expiration dates, etc..) * Make sure the `NameID` configured on your Identity Provider is the **email address used on Forest Admin accounts too** * Make sure you selected **SAML 2.0** on your Identity Provider *If you can't find anything by yourself don't hesitate to* [*ask for help on our Community forum*](https://community.forestadmin.com/) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.forestadmin.com/user-guide/project-settings/organizations/organization-settings.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.