# Setting up SSO with authentik

Sign in to freispace using authentik.

### Get started in freispace[​](#get-started-in-freispace "Direct link to Get started in freispace")

1. In freispace, start by clicking **Add tenant** and entering a name for this connection, e.g. *Authentik*.

### Create application in authentik[​](#create-application-in-authentik "Direct link to Create application in authentik")

1. Head to Applications > **Application**.

2. Click **Create with Provider**.

3. Enter `freispace` as **Name**. The Slug is set to `freispace` automatically.

4. Open **UI Settings** and set the **Launch URL** to the **Team login URL** from freispace (e.g. *<https://app.freispace.com/login/your-company>*).

   ![Create SAML application in authentik](/assets/images/authentik-sso-freispace-01-5f9cc60c4830a833833247e99c36b183.png)

5. Click **Next** and select **SAML**.

6. Click **Next** and select an **Authorization flow**, e.g. *default-provider-authorization-explicit-consent*

7. Under *Protocol settings*, ensure to set:

   1. **ACS URL** by copying the value from freispace of the field **Reply URL / Assertion Consumer Service URL (ACS)** (in the format of *<https://api.app.freispace.com/api/v1/saml2/xxx/acs>*).
   2. **Issuer** may remain *authentik*.
   3. **Service Provider Binding** must be set to **Post**.

   ![Set up authentik SSO in freispace](/assets/images/authentik-sso-freispace-02-2850a18a766ef4bfa4431154a8319109.png)

8. Open **Advanced protocol settings** and select a **Signing certificate** (e.g. *authentik Self-signed Certificate*)

   ![Use authentik SAML SSO with freispace](/assets/images/authentik-sso-freispace-03-ea9d1d2b7a6cd603dfef7a9e4e72253d.png)

9. Set any additional settings you may want, click **Next** to step through configuration and finally confirm with **Submit** at the end.

10. Navigate to Applications > **Providers** and select the appropriate one, likely *Provider for freispace*.

### Setting up freispace[​](#setting-up-freispace "Direct link to Setting up freispace")

1. Copy the provided data from Authentik into freispace.

   | Authentik name     | freispace name            | Example data                                                                     |
   | ------------------ | ------------------------- | -------------------------------------------------------------------------------- |
   | Issuer             | IdP Issuer ID             | `authentik`                                                                      |
   | SSO URL (Redirect) | Login URL (SSO endpoint)  | `https://your.authentik.domain/application/saml/freispace/sso/binding/redirect/` |
   | SLO URL (Redirect) | Logout URL (SLO endpoint) | `https://your.authentik.domain/application/saml/freispace/slo/binding/redirect/` |

2. In Authentik, click **Download** unter *Download signing certificate*.

3. Open the downloaded file in any text editor, copy the entire contents (including `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`) and paste it into **IdP X.509 Certificate** in freispace.

   ![Authentik SSO settings for freispace](/assets/images/authentik-sso-freispace-45c40e91f13968e5e8375d1efe72e942.jpg)

4. In freispace, click **Save settings**. Ensure to **Activate** the new tenant.

### Done! 🎉[​](#done- "Direct link to Done! 🎉")

freispace should now appear as an app for your users.