> For the complete documentation index, see [llms.txt](https://docs.2checkout.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.2checkout.com/get-started/getting-started/activate-your-account/universal-sso-with-2checkout-saml-based.md).

# Universal SSO with 2Checkout (SAML-Based)

## Overview

The 2Checkout Universal SSO solution enables seamless Single Sign-On (SSO) for your organization's users across SaaS and internal applications using any Identity Provider (IdP) that supports the SAML 2.0 protocol. This solution simplifies authentication workflows, enhances security through centralized identity governance, and reduces login friction for end users.

{% hint style="danger" %}
**Important!** This SSO integration is not self-service. To enable it for your account, your organization must contact 2Checkout Support or your 2Checkout vendor representative to initiate setup.
{% endhint %}

## How it works

1. You configure a SAML 2.0 application in your IdP, using the 2Checkout cPanel as the Service Provider (SP). Both the SP Entity ID and ACS URL are set to <https://secure.2checkout.com/cpanel/saml-login>.
2. You share your IdP metadata (URL or XML file) with your 2Checkout representative.
3. 2Checkout configures the integration on its end using the provided metadata.
4. SSO is initially validated with a restricted set of test users before being rolled out to all users.
5. Once fully enabled, you and your users are redirected to your organization's IdP for authentication when logging into the 2Checkout cPanel. Password-based login is disabled at this point.

## Supported identity providers

2Checkout Universal SSO is compatible with any Identity Provider that implements the SAML 2.0 standard. Below is a non-exhaustive list of popular IdPs, grouped by target market.

#### Enterprise & Large-Scale Identity Providers

* [Okta](/get-started/getting-started/activate-your-account/universal-sso-with-2checkout-saml-based/okta-to-2checkout-cpanel-sso-integration-setup-guide.md)
* [Microsoft Entra ID](/get-started/getting-started/activate-your-account/universal-sso-with-2checkout-saml-based/microsoft-entra-to-2checkout-cpanel-sso-integration-setup-guide.md) (Azure AD)
* [Ping Identity](/get-started/getting-started/activate-your-account/universal-sso-with-2checkout-saml-based/ping-identity-to-2checkout-cpanel-sso-integration-setup-guide.md)
* IBM Security Verify
* Oracle Identity Cloud Service

#### Cloud & SaaS-First Identity Providers

* OneLogin
* Auth0
* JumpCloud
* Google Workspace
* Salesforce Identity

#### Education, Public Sector & Nonprofit

* Shibboleth
* Azure AD for Education
* WSO2 Identity Server

#### Developer & Custom Identity Platforms

* Keycloak
* Gluu
* SimpleSAMLphp

## Setup and configuration

The setup process follows these high-level steps:

1. **Contact 2Checkout** — Reach out to 2Checkout Support or your vendor representative to initiate the SSO onboarding process.
2. **Configure your IdP** — Set up a SAML 2.0 application in your Identity Provider using the SP details provided. Your 2Checkout representative will guide you through this or provide IdP-specific instructions where available.
3. **Share your metadata** — Provide your IdP's Federation Metadata URL (or XML file) to your 2Checkout representative.
4. **Testing** — A test user will be used to validate the integration before it is rolled out to your organization.
5. **Full rollout** — Once testing is successful, ensure all your users are added to the application in your IdP. 2Checkout will then enable SSO for all users on your account.

{% hint style="info" %}
Once SSO is fully enabled, password-based authentication to the 2Checkout cPanel is disabled for all users on your account. It is critical that all your users are provisioned in the IdP before the final rollout step.
{% endhint %}

***

#### Need help?

For assistance or to begin the SSO onboarding process, contact 2Checkout Support or your vendor representative.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.2checkout.com/get-started/getting-started/activate-your-account/universal-sso-with-2checkout-saml-based.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.