
# Keycloak

To enable SSO with Keycloak, complete the following steps:

1. Contact [support@sprig.com](mailto:sso@sprig.com) to claim the email domain(s) that your SSO users will use to sign in.
2. Log into your Sprig account and navigate to **Settings >** [**Single Sign-On**](https://app.sprig.com/settings/sso).
3. Select the **SSO Enabled** option, and click **Save**.
4. An **Important Values** section should appear. Copy the value of the **Entity URI** field into the **Issuer URL** field in the **Your Identity Provider** section, and click the **Save** button for both sections. Take note of both values provided by the **Important Values** section, as you will use them in your Keycloak client configuration in the next steps.
5. Log in to your Keycloak administration console. Navigate to the **Clients** page. Click **Create** and an **Add Client** page should appear. On the **Add Client** page, enter the Entity URI from Step 4 into the **Client ID** field, and select **SAML** for the **Client Protocol**. Click **Save**.
6. A configuration page for the newly created Sprig client should appear. Click on the **Settings** tab. Switch the **Enabled** and **Sign Document** toggles to the ON position. All other toggles should be OFF. Select **RSA\_256** for the Signature Algorithm, and enter the ACS URL from Step 4 into the **Valid Redirect URIs** field. All other fields can keep their default values or be left blank. Click the **Save** button.
7. Click on the **Mappers** tab for the Sprig client you created. Add two mappers that supply the values the Sprig application uses for each user’s name and role. The SAML attribute names must be *name* and *role*, respectively. Name values must be less than 255 characters, and valid values for role are *admin*, *developer*, or *viewer*. Sprig roles are described [here](/docs/account-and-settings/team-management-roles/roles-permissions).
8. Click on the **Realm Settings** tab on the left. Click on the **Keys** tab in the Realm page under which your Sprig client was created. On that page, under the **Active** tab you should see a set of rows for each key. Find the one that has type RSA and click on the **Certificate** button on the right side of the row. A long string value should appear. Enter this value into the **X.509 Certificate** field in the **Your Identity Provider** section of the Sprig [SSO Settings Page](https://app.sprig.com/settings/sso). Click **Save**.

Users who are assigned to the Keycloak application integration will now be able to sign in using the Sprig [SSO login page](https://app.sprig.com/login/sso).
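To confirm that the client settings from Step 6 and the mappers from Step 7 produce what Sprig expects, the following added example (not part of Sprig's or Keycloak's own documentation) inspects a base64-encoded SAMLResponse taken from a test login of your own. It assumes the **RSA\_256** setting corresponds to the XML-DSig `rsa-sha256` algorithm URI; `check_saml_response` and the sample document are constructed for illustration, and the script checks structure only, it does not verify the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Assumption: the RSA_256 setting from step 6 means this XML-DSig algorithm URI.
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
VALID_ROLES = {"admin", "developer", "viewer"}  # allowed values from step 7

def check_saml_response(b64_response):
    """List problems in a base64 SAMLResponse. Does NOT verify the signature."""
    xml_text = base64.b64decode(b64_response).decode("utf-8")
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present; refusing to parse"]
    root = ET.fromstring(xml_text)
    problems = []
    # Step 6 (Sign Document ON): ds:Signature is a direct child of the Response.
    method = root.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None:
        problems.append("Response is not signed at document level")
    elif method.get("Algorithm") != RSA_SHA256:
        problems.append("unexpected signature algorithm: " + str(method.get("Algorithm")))
    # Step 7: gather every value sent under each SAML attribute name.
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    for required in ("name", "role"):
        if not attrs.get(required):
            problems.append("missing attribute: " + required)
    for name in attrs.get("name", []):
        if len(name) >= 255:
            problems.append("name has %d characters; must be less than 255" % len(name))
    for role in attrs.get("role", []):
        if role not in VALID_ROLES:
            problems.append("invalid role value: " + role)
    return problems

# Constructed sample, not a real capture; the role mapper sends one extra value.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
    ' xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    '<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="' + RSA_SHA256 + '"/>'
    '</ds:SignedInfo></ds:Signature><saml:Assertion><saml:AttributeStatement>'
    '<saml:Attribute Name="name"><saml:AttributeValue>Ada Example</saml:AttributeValue></saml:Attribute>'
    '<saml:Attribute Name="role"><saml:AttributeValue>offline_access</saml:AttributeValue>'
    '<saml:AttributeValue>admin</saml:AttributeValue></saml:Attribute>'
    '</saml:AttributeStatement></saml:Assertion></samlp:Response>')
```

Calling `check_saml_response(base64.b64encode(SAMPLE_XML.encode()))` reports the extra role value; an empty list means the response carries a document-level signature element and valid *name* and *role* attributes.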
