# Single Sign-On

Sled supports Single Sign-On (SSO), allowing your users to authenticate using their existing identity provider credentials instead of managing separate passwords.

## Supported Providers

* [Azure Active Directory](/sso/azure-active-directory.md) - Microsoft Entra ID (OAuth 2.0 / OpenID Connect)

## How SSO Works in Sled

When SSO is enabled, users see a **"Sign in with Microsoft"** button on the login page. Clicking it redirects them to your identity provider for authentication. After successful login, users are automatically created in Sled and assigned a role based on their group memberships.

### Key Features

* **Automatic user provisioning** - Users are created in Sled on first login, no manual setup needed
* **Group-based access control** - Map identity provider groups to Sled roles (Admin, Editor, Viewer)
* **Default viewer access** - All authenticated users get read-only access without any extra configuration
* **MFA support** - Works with your identity provider's Multi-Factor Authentication policies
* **Optional password fallback** - Keep password login enabled alongside SSO during transition


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sled.so/sso.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.