# Security & Auth

StepSecurity supports **Single Sign-On (SSO)** to help organizations manage user access in a secure and centralized way.

You can enable SSO using popular identity providers like **Okta**, **Google Workspace**, or **Microsoft Entra ID**. To set this up for your organization, please [**contact us**](https://www.stepsecurity.io/contact)**,** and we’ll help you get started.

Once SSO is enabled, you can enforce it across your organization to ensure that all members sign in using your configured identity provider.&#x20;

StepSecurity also offers SCIM-like functionality, allowing administrators to map StepSecurity authentication roles to SSO groups for streamlined user provisioning and role management.

In addition to SSO, members can also sign in using their **email and password** or **GitHub account**, depending on your chosen configuration.

From this page, you can:

* Configure SSO settings — Set up and manage Single Sign-On (SSO) for your organization.
* Enforce SSO for all members — Require all users to sign in using SSO to enhance security and ensure centralized access control.
* Select allowed login methods — Choose which authentication options are available (SSO, GitHub, or email/password).
* Disable API Key Authentication — Toggle API key access. The default setting is false (API key authentication enabled).
* Set idle session timeout — Specify the duration (in minutes) of allowed inactivity before users are automatically logged out.

<figure><img src="/files/xmX0YjZo6ff2KCKjGY1y" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.stepsecurity.io/administration/admin-console/access-control/security-and-auth.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.