# Single Sign-On
TSANet Connect supports the SAML 2.0 standard and includes both single sign-on and just in time user provisioning. To configure and test single sign-on Members should [contact TSANet](https://tsanet.gitbook.io/connect/help-center/) to start the process. This document can be used as a template for what is needed to configure your single sign-on to any SAML 2.0 compliant identity management system such as Workspace One, One Login, Active Directory etc.
{% hint style="success" %}
Single Sign-On is available to [**Premium**](https://tsanet.org/premium-membership/) and [**Elite**](https://tsanet.org/elite-membership/) TSANet Members
{% endhint %}
## SAML 2.0 Overview
Security Assertion Markup Language (SAML) is an open standard that allows identity providers (Your user management system) to pass authorization credentials to service providers (The TSANet Connect System). SAML allows your users to use a single login/password to access many systems.
## Configuring your identity Management System
This document does not include details on how to configure your identity management systems. The ***Configuring TSANet Connect*** section below should give your IT organization the information necessary to configure your identity management system. The TSANet Connect implementation is SAML 2.0 compliant and should work with any identity management system. TSANet staff will setup a short call with your IT team to do the configuration and test. Steps to enable SSO are:
1. Member sends XML metadata, which includes their CERT.
2. TSANet Configures Connect
3. TSANet provides Connect Metadata (URL found in the admin menu)
4. Member completes SSO setup
5. TSANet Activates and tests with Member (Login for EXISTING user and Just-in-Time user provisioning for a NEW user)
## Configuring TSANet Connect
During the conference call TSANet staff and your IT admin will configure the SAML connection. The following information will be provided by your IT admin
1. **Entity source metadata**: This can be a URL location or an xml file that is uploaded to the system
2. **Federation URL**: The IDL Federation URL. This information is also found in the metadata file above
3. **Logout URL**: The logout URL. This information is also found in the metadata file above
TSANet Staff will then provide the Service Provider URL that provides a link to the TSANet Connect Metadata file.
TSANet Staff will also modify the members login page with the following information
1. **Login Section**: Text can be added to help guide users
2. **Register Section**: Text can be added to guide users who have problem with accessing the system.
{% hint style="info" %}
Members can control who can access TSANet Connect through groups defined in their identity management systems.
{% endhint %}
Example Member Login Page
## User Experience
After configuring single sign-on your users will access the system with their company login credentials. Access could happen through an app such as Workspace ONE or One Login or by going to their login page and selecting the login button. Examples below show how users access the system with single sign-on.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://tsanet.gitbook.io/connect/documentation/webapp/administration/single-sign-on.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.