# SSO Configuration Guides

> [!WARNING]
> This feature is part of the Team & Enterprise plans.

These guides help you configure SAML 2.0 and OpenID Connect (OIDC) with your Identity Provider for [Basic SSO](./security-sso-basic). Hugging Face Hub can work with any SAML or OIDC-compliant Identity Provider.

> [!NOTE]
> If you are looking to set up [Managed SSO](./enterprise-advanced-sso), the configuration is done in collaboration with the Hugging Face team. Please contact us to get started.

> [!TIP]
> **OIDC token endpoint authentication method.** When exchanging the authorization code, Hugging Face authenticates to your Identity Provider's token endpoint using the `client_secret_post` method. If your IdP application is configured to expect a different method (such as `client_secret_basic`), the login will fail with an `invalid_client` error. To resolve this, set your IdP application's token endpoint authentication method to `client_secret_post`.

## Okta

- [How to configure OIDC with Okta](./security-sso-okta-oidc)
- [How to configure SAML with Okta](./security-sso-okta-saml)
- [How to configure SCIM with Okta](./security-sso-okta-scim)

## Microsoft Entra ID (Azure AD)

- [How to configure SAML with Entra ID](./security-sso-azure-saml)
- [How to configure OIDC with Entra ID](./security-sso-azure-oidc)
- [How to configure SCIM with Entra ID](./security-sso-entra-id-scim)

## Google Workspace

- [How to configure SAML with Google Workspace](./security-sso-google-saml)
- [How to configure OIDC with Google Workspace](./security-sso-google-oidc)