# SSO

{% hint style="info" %}
SSO is a premium feature available only with our EXPERT package for PerfectScale’s paying customers. Contact <sales@perfectscale.io> to learn more about how to gain access to this feature.
{% endhint %}

## Setting up a new SSO connection

Setting up a new SSO connection is a simple process that can be completed in just a few steps.

1. Access **`Organization Settings`** by clicking on the **`Profile`** button and selecting it from the list.
2. Go to the **`SSO`** tab and click on the **`Setup SSO Connection`** button.
3. Select your provider and follow a step-by-step guided SSO process that is located in the app. The following IDPs are available:
   * SAML:
     1. Okta&#x20;
     2. Azure
     3. Custom
   * OpenID:
     1. Okta
     2. Custom

<figure><img src="https://1573387604-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FABMqnYtsOO44JmQTVSnn%2Fuploads%2FIKhMrRAOlDVU5xWBfsFY%2Fsso.gif?alt=media&#x26;token=91f29c29-590c-43a3-9c88-ce7c71a2bc0a" alt=""><figcaption><p>SSO</p></figcaption></figure>

## Domain validation

PerfectScale recommends updating the domain in the DNS records. This allows verified end users to use their domain for SSO configuration without verifying domain ownership through DNS.

### How to access DNS settings

1. To access your DNS settings, log in to your domain registrar's account (e.g., GoDaddy, Namecheap, Google Domains, etc.).
2. Navigate to the DNS settings or DNS management section of your domain.

{% hint style="info" %}
If you encounter any issues accessing your DNS records, please reach out to us at <support@perfectscale.io> or in our [Slack](https://join.slack.com/t/perfectscalecommunity/shared_invite/zt-1tu9teu9e-Z9tGt4LpNI8tUC3j8obcmQ) community.&#x20;
{% endhint %}

### How to add a TXT record

1. After accessing the DNS settings, find the option to add a new record.
2. Choose TXT as the record type.
3. Depending on your registrar's requirements, you may leave the `Name` or `Host` field blank or enter `@`.
4. For the Value field, input the TXT record value provided by the Auth Provider. This value is unique to your configuration and can be found in your Organization Settings.
5. Make sure to save or apply the changes to add the TXT record to your DNS settings.
6. Once the process is complete, the authentication provider should detect the record and validate your domain.

{% hint style="info" %}
DNS TXT record changes usually apply within minutes to a few hours, but full global propagation can take up to 48 hours.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.perfectscale.io/administration/security/sso.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.