# Account security

## Single Sign-On <a href="#od_1ff6972d" id="od_1ff6972d"></a>

The access to the Cloudimage administration Console supports SSO over SAMLv2. Cloudimage officially supports several Identity Providers (IDPs) and can integrate with any IDP that speaks SAML 2.0. You can integrate Cloudimage as a Service Provider (SP) with your IDP to allow your Cloudimage administrators to log in to the Console with a federated account and enjoy SSO.

{% hint style="info" %}
Please note that SSO is only available for accounts with company email domains on ENTERPRISE [plans](https://www.cloudimage.io/en/pricing). Gmail.com, yahoo.com, aol.com, etc. are not supported for SSO.
{% endhint %}

## Configure <a href="#od_c25d7d6f" id="od_c25d7d6f"></a>

### Step 1. Collect the Cloudimage Service Provider details <a href="#od_c25d7d6f" id="od_c25d7d6f"></a>

1. Copy the **ACS URL / Consumer URL** and **Entity ID / Audience ID** or download the Service Provider XML from the link provided. These values are needed for configuring Cloudimage as a Service Provider or Relying Party Trust (ADFS) in your IDP.
2. Within your Identity Provider, add a Service Provider (generic term, Ping Federate), Application (OKTA), or Relying Party Trust (ADFS) using the information gathered in the previous step.
3. Make sure the IDP is returning the user's email address as *NameID* in the SAML assertion with the format *emailAddress* (see note below for ADFS).
4. Go back to the Cloudimage Console to finish the configuration.

#### ADFS as IDP <a href="#od_eeea5b02" id="od_eeea5b02"></a>

If you are using ADFS as IDP, you will need to configure the following two Issuance Transform Rules for the Relying Party Trust:

<div><figure><img src="https://content.gitbook.com/content/IDIcmPiz7q6Sr6ZHHQxV/blobs/0MMIEdhL9axVD6LRyAbr/as1.png" alt=""><figcaption></figcaption></figure> <figure><img src="https://content.gitbook.com/content/IDIcmPiz7q6Sr6ZHHQxV/blobs/THyFojIeW9U7Via3PUDo/as2.png" alt=""><figcaption></figcaption></figure> <figure><img src="https://content.gitbook.com/content/IDIcmPiz7q6Sr6ZHHQxV/blobs/yjb5KYoDkAG4TBh0rN0M/as3.png" alt=""><figcaption></figcaption></figure></div>

### Step 2. Configure the Identity Provider details in the Cloudimage Console <a href="#od_1494cab5" id="od_1494cab5"></a>

Fill in the Identity Provider section:

* **Entity ID**: the entity ID from your IDP as per the IDP's metadata.xml.
* **SSO Target URL**: IDP single sign-on URL.
* **SAML Single Logout Service URL**: IDP single sign-out URL (usually the same as SSO Target URL).
* **Signing Certificate**: IDP's signing certificate is log inas per the IDP's metadata.xml. This certificate is used by Cloudimage to verify the SAML assertion's signature returned by the IDP.

### Step 3. Test Single Sign-On <a href="#od_f7b73d96" id="od_f7b73d96"></a>

Using your Cloudimage admin account's email from your company, try to [log in](https://www.cloudimage.io/en/login).

<figure><img src="https://content.gitbook.com/content/IDIcmPiz7q6Sr6ZHHQxV/blobs/onh1heVUaswx4ha231ir/as4.gif" alt=""><figcaption></figcaption></figure>

Enjoy SSO and additional security!