# SAML Single Sign-On (SSO)
Enable secure, seamless authentication for Raycast Enterprise by connecting your organization’s SAML identity provider. Follow step-by-step instructions to simplify access management and user onboarding.
> [!NOTE]
> Some Teams features are available in Raycast for Mac V2 and Windows, with full support coming in future updates. Raycast V1 and iOS remain unchanged.
Raycast Enterprise supports SAML-based Single Sign-On, allowing your organization to authenticate users through your existing identity provider. Once SAML is configured, users can sign in to Raycast via your IdP. When combined with [Domain Capture](/teams/domain-capture), users with your organization's email domain are automatically directed to your IdP for authentication.
**Supported identity providers include:**
- Okta
- Google Workspace
- Any SAML 2.0 compliant identity provider
**How it works:**
1. Contact Raycast to enable SAML eligibility for your organization.
2. Configure a SAML application in your identity provider using the setup guide.
3. Share the SAML metadata URL (or XML file) and your email domain with Raycast.
4. Raycast completes the configuration and enables SSO.
5. Users can then sign in via SSO. New users who authenticate through your IdP are automatically added to your organization.
## Integrate with Okta
1. In Okta Admin Console, navigate to Applications → Applications and press Create App Integration
2. For Sign-in method, select SAML 2.0
3. Fill out the General Settings. You can find Raycast logos [here](https://www.raycast.com/press-kit).
4. Fill out the SAML Settings
- Single sign-on URL: `https://www.raycast.com/saml/{organization-handle}/acs`
- Audience URI: `https://www.raycast.com/saml/{organization-handle}/metadata`
- Name ID format: `EmailAddress`
5. In Feedback section mark the app as internal and press Finish
6. On the next page, make sure to copy the Metadata URL and share it with Raycast
7. On Attribute statements section click on Show legacy configuration and Edit
8. Add a new profile attribute statement and press Save
- Name: `email`
- Value: `user.email`
9. Inform Raycast that you have completed these steps
10. Once the setup is complete on Raycast's side, you can verify that SSO is working by assigning the Application to a user in Okta, and then using that user to sign in to Raycast. A new user is expected to be created, and this user should be part of your organization.
## Integrate with Google Workspace
1. In Google Admin Console ([admin.google.com](https://admin.google.com/)), navigate to Apps → Web and mobile apps
2. Press Add app and select Add custom SAML app
3. Fill out the App details. You can find Raycast logos [here](https://www.raycast.com/press-kit).
4. Press Download Metadata to get your Metadata XML file and share it with Raycast
5. Fill out the Service provider details:
- ACS URL: `https://www.raycast.com/saml/{your_organization_handle}/acs`
- Entity ID: `https://www.raycast.com/saml/{your_organization_handle}/metadata`
- Name ID format: `EMAIL`
6. On the Attribute mapping screen press Finish
7. Inform Raycast that you have completed these steps
8. To enable this for the users in your Organization or a Group within it, you will need to press the top right corner of the User access card
---
## Need Help?
Contact Raycast Support if you have any questions or would like help with SAML Single Sign-On (SSO). Use the **Send Feedback** command directly in Raycast to report bugs and billing issues, log feature requests, or any other queries you would like to speak to us about.
You can view all Raycast Support contact options at https://manual.raycast.com/contact-support