> ## Documentation Index
> Fetch the complete documentation index at: https://docs.langdock.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Getting Started

> Learn about SAML 2.0 Single Sign-On and how to configure it for your Langdock workspace.

## SAML Overview

Security Assertion Markup Language (SAML) 2.0 is the standard protocol Langdock uses for Single Sign-On (SSO) authentication. With SAML, your users can sign in to Langdock using their existing corporate identity provider credentials.

## Setup Checklist

Before configuring SAML, complete the following steps:

1. Navigate to the **Security** section in your [workspace settings](https://app.langdock.com/settings/workspace/security)

<Frame>
  <img src="https://mintcdn.com/langdock-34/57Di0kl9qeqW38Yc/images/saml_settings.png?fit=max&auto=format&n=57Di0kl9qeqW38Yc&q=85&s=6ac9ac644663070bf27060dfca5d2869" alt="Security section in Workspace settings" style={{borderRadius: '6px'}} width="1074" height="452" data-path="images/saml_settings.png" />
</Frame>

2. Ensure you have admin access to your Langdock workspace and your identity provider
3. Enable **Join by domain**

<Frame>
  <img src="https://mintcdn.com/langdock-34/57Di0kl9qeqW38Yc/images/saml_join_by_domain_enabled.png?fit=max&auto=format&n=57Di0kl9qeqW38Yc&q=85&s=53486e1a4eaf5251258df5f710256881" alt="Join by domain toggle enabled in security settings" style={{borderRadius: '6px'}} width="1084" height="292" data-path="images/saml_join_by_domain_enabled.png" />
</Frame>

4. Add your domain

<Frame>
  <img src="https://mintcdn.com/langdock-34/57Di0kl9qeqW38Yc/images/saml_add_domain.png?fit=max&auto=format&n=57Di0kl9qeqW38Yc&q=85&s=235d4459cd225115d63c76516ef3e184" alt="Add domain button in the Email domains section" style={{borderRadius: '6px'}} width="1084" height="292" data-path="images/saml_add_domain.png" />
</Frame>

5. Verify your domain before enabling SAML

<Frame>
  <img src="https://mintcdn.com/langdock-34/57Di0kl9qeqW38Yc/images/saml_verify_domain.png?fit=max&auto=format&n=57Di0kl9qeqW38Yc&q=85&s=39d521282cebab84ff0a93cf232563bc" alt="Verify domain button for an added email domain" style={{borderRadius: '6px'}} width="1080" height="318" data-path="images/saml_verify_domain.png" />
</Frame>

6. Create and configure a SAML application in your identity provider
7. Copy the SAML values into Langdock: **Issuer**, **Sign on URL**, **Certificate**, and **Audience URI**

<Frame>
  <img src="https://mintcdn.com/langdock-34/57Di0kl9qeqW38Yc/images/saml_idp_info.png?fit=max&auto=format&n=57Di0kl9qeqW38Yc&q=85&s=82bc16a8546a6f527b578623485c4697" alt="SAML configuration fields for identity provider information" style={{borderRadius: '6px'}} width="1084" height="560" data-path="images/saml_idp_info.png" />
</Frame>

<Note>
  Continue only after Langdock has verified your domain. You cannot turn on **SAML Active** before verification is complete.
</Note>

8. Turn on **SAML Active**

<Frame>
  <img src="https://mintcdn.com/langdock-34/57Di0kl9qeqW38Yc/images/saml_active.png?fit=max&auto=format&n=57Di0kl9qeqW38Yc&q=85&s=e6a1dcf7b54bf10dcd68a98b57eb617b" alt="SAML Active toggle in security settings" style={{borderRadius: '6px'}} width="1084" height="270" data-path="images/saml_active.png" />
</Frame>

9. Test SAML login in a separate browser or incognito window before signing out

## Supported Identity Providers

Langdock supports SAML 2.0 with any compatible identity provider. We provide step-by-step guides for:

* [Microsoft Entra ID](/en/admin/security/saml/entra)
* [Google Workspace](/en/admin/security/saml/google)
* [Okta](/en/admin/security/saml/okta)

## Password Login and SAML

SAML SSO is enforced for verified domains. Turn on **Allow External Authentication** to let people outside verified domains sign in with a magic link or other available authentication methods.

<Frame>
  <img src="https://mintcdn.com/langdock-34/57Di0kl9qeqW38Yc/images/saml_allow_external_connections.png?fit=max&auto=format&n=57Di0kl9qeqW38Yc&q=85&s=9095ec44bbb37d6f39984f78ec6dd0d9" alt="Allow External Authentication toggle in security settings" style={{borderRadius: '6px'}} width="1080" height="316" data-path="images/saml_allow_external_connections.png" />
</Frame>

## Multi-Factor Authentication (MFA)

Langdock doesn't offer standalone MFA. When you use SAML SSO, MFA is enforced at the identity provider level as part of the login flow.

If you need an extra layer of security, [IP restrictions](/en/admin/security/ip-restrictions) are a good interim measure — they limit workspace access to specific IP ranges.

## Need Help?

If you encounter any issues during setup, reach out to [support@langdock.com](mailto:support@langdock.com) for assistance.