# Configure SSO

After you have [added an identity provider (IdP)](/docs/realm/reunite/organization/sso/add-idp) in Reunite, the IdP can then be configured in the `redocly.yaml` configuration file for individual projects.
Adding an IdP to the configuration file for a project is not required for users to be able to use it to log in.
If you do not configure `sso` in the `redocly.yaml` file for a project, users can log in to the project using IdPs you have added in Reunite in the default priority order.
You can configure `sso` in the `redocly.yaml` file of a project, to specify identity providers for that project.
See the [Single sign-on (SSO) concept doc](/docs/realm/reunite/organization/sso/sso#default-priority-order) for more information on the default priority order.

attention
Configuring `sso` does not require users to log in to your project.
To require login to a project, [`rbac`](/docs/realm/config/access/rbac) or [`requiresLogin`](/docs/realm/config/access/requires-login) must also be configured.

## Before you begin

Make sure you have the following:

- a `redocly.yaml` configuration file with one of the following configured:
  - `rbac` defined for the [`authenticated` default team](/docs/realm/reunite/organization/teams#default-teams)
  - [`requiresLogin`](/docs/realm/config/access/requires-login)
- [identity provider (IdP) information added in Reunite](/docs/realm/reunite/organization/sso/add-idp)


## Specify IdPs for a project

If you want to specify which identity providers (IdPs) users can log in to your project with, you can configure `sso` in the `redocly.yaml` configuration file.

For example, the following `sso` configuration limits users to the CORPORATE IdP, if it has been added in Reunite:


```yaml redocly.yaml
sso: 
  - CORPORATE
```

The following example allows users to use both the GUEST IdP (if it has been added in Reunite) and REDOCLY credentials:


```yaml redocly.yaml
sso:
  - GUEST
  - REDOCLY
```

Redocly credentials are credentials created and saved in Reunite.

## Disable SSO

If you have configured `rbac`, but want to disable SSO, use the following `sso` configuration:


```yaml redocly.yaml
sso: []
```

Disabling SSO is only necessary if you have `rbac` configured, but you don't want to require login to your project.
Disabling SSO removes the login page, but does not disable `rbac`.

## Resources

- **[Add an identity provider](/docs/realm/reunite/organization/sso/add-idp)** - Add identity providers in Reunite for unified authentication across projects and Reunite login
- **[Configure RBAC](/docs/realm/access)** - Implement role-based access control to restrict user access to specific project content and features
- **[SSO configuration reference](/docs/realm/config/access/sso)** - Complete reference documentation for all available SSO configuration options and settings
- **[Single sign-on (SSO) concepts](/docs/realm/reunite/organization/sso/sso)** - Understand different identity provider types and implementation approaches for your project authentication needs
- **[Role-based access control (RBAC) concepts](/docs/realm/access/rbac)** - Understand how RBAC works in projects and Reunite for comprehensive access management
- **[RBAC configuration reference](/docs/realm/config/access/rbac)** - Complete reference for configuring RBAC options in your redocly.yaml file with examples and implementation details
- **[Configure SCIM](/docs/realm/reunite/organization/sso/configure-scim)** - Enable SCIM 2.0 user provisioning for your SSO identity provider (beta, access by request)