> ## Documentation Index > Fetch the complete documentation index at: https://jam.dev/docs/llms.txt > Use this file to discover all available pages before exploring further. # SSO > Connect your identity provider for single sign-on and automatic workspace management. Access stays centralized and manual work stays low. SSO and Directory Sync are available on the [**Enterprise**](https://jam.dev/pricing) plan only. [Contact sales](https://jam.dev/contact-sales) to upgrade. Single Sign-On settings showing GoogleSAML for @acme.com and Google Workspace with 21 synced members ## How it works **SSO (Single Sign-On)** connects your identity provider to Jam for authentication. Team members log in using their existing corporate credentials instead of a separate Jam password. **Directory Sync** automatically reflects user changes from your IdP in Jam. Changes to your IdP sync automatically to your Jam workspace with no manual work. ## Supported identity providers * Okta * Azure AD * Google Workspace * Any SAML-compatible provider ## Configure Configure Single Sign-On Go to [**Settings**](https://jam.dev/s/settings). In the **Access** section, click **Setup** next to **Identity Provider**. Follow the setup walkthrough for your identity provider. Complete the required configuration steps on your identity provider's side. You should now see your IdP listed in the Access section. Members can now log in with SSO. SSO is configured for a single domain by default. Need multiple domains? [Contact](https://jam.dev/help) our team to enable additional domains. Configure Directory Sync to automate user provisioning and removal. Go to [**Settings**](https://jam.dev/s/settings). In the **Access** section, click **Setup** next to **Active Directory**. Complete the step-by-step configuration walkthrough for your IdP. Choose which user groups from your IdP should sync to Jam. This step is optional. You should now see your IdP listed in the Access section. New users added to your IdP automatically join your workspace. Provisioned users get the Creator role by default. You'll need to adjust roles manually in [**Settings → Members**](https://jam.dev/s/settings/members). ## User management How you manage team members depends on whether Directory Sync is enabled. Members list with the Active Directory sync enabled banner and 21 synced members **Automated Management** * User provisioning: Happens in your identity provider * New user notifications: Users get email notifications when provisioned * Role management: Handle manually in [**Settings → Members**](https://jam.dev/s/settings/members) * User removal: Remove from IdP to revoke Jam access automatically * Group sync: Manage access via user groups in your IdP Access directory sync management in [**Settings → Members**](https://jam.dev/s/settings/members). User groups cannot be mapped to specific Jam roles automatically. Role assignment requires manual configuration. Members list with the Add members button and three members, with no Directory Sync banner **Manual Management** * User provisioning: Add users directly in [**Settings → Members**](https://jam.dev/s/settings/members) * Role management: Assign and modify roles in Jam * User removal: Remove users manually in [**Settings → Members**](https://jam.dev/s/settings/members) All user management happens in [**Settings → Members**](https://jam.dev/s/settings/members). User groups cannot be mapped to specific Jam roles automatically. Role assignment requires manual configuration. ## FAQ Yes. SSO handles authentication while Directory Sync manages user provisioning. You can enable either feature independently. Jam supports all major identity providers, including Okta, Azure AD, Google Workspace, and any SAML-compatible provider. Not automatically. While you can sync user groups from your IdP, role assignment requires manual configuration in [**Settings → Members**](https://jam.dev/s/settings/members). With Directory Sync enabled, the user automatically loses access to Jam when they are removed from your IdP.