Configure Single Sign-On (SSO)

This documentation is for the CARTO Self-Hosted Legacy Version. Use only if you've installed this specific version. Explore our latest documentation for updated features.

This guide outlines the steps to configure Single Sign-On (SSO) for your CARTO Self-Hosted instance. SSO integration enhances security and user experience by allowing users to log in with a single set of credentials across multiple systems.


Please get in touch at to start configuring your SSO integration.

  1. Contact CARTO Support:

    • Initiate contact with the CARTO Support team to request assistance with SSO configuration.

    • Work closely with the Support team to communicate your organization's specific requirements.

  2. Obtain organization ID:

    • Once SSO is successfully configured on the CARTO side, the CARTO Support team will provide you with a unique identifier known as the organization ID. This organization ID is required to continue with the SSO configuration in your CARTO Self-Hosted installation.

Single VM deployments (Docker Compose)

To integrate the obtained Organization ID with your CARTO Self-Hosted instance, you just have to add a new environment variable into your customer.env file:


Once you've added this new environment variable, you'll have to execute the installation script and restart your CARTO deployment so that the new changes are applied.

Orchestrated container deployment (Kubernetes)

To configure SSO in your orchestrated container deployment, the organization ID must be injected into your CARTO Self-Hosted instance. Configure this value with the following steps:

  • Inject the organization ID into your CARTO Self-Hosted instance:

    • Add a new environment variable for the organization ID provided by CARTO Support in your customizations.yaml file.

      ssoOrganizationId: "<YOUR_ORGANIZATION_ID>"

  • Deploy Changes:

    • Deploy the updated configuration to apply the changes to your CARTO Self-Hosted instance.


With the successful integration of SSO and the Organization ID, your CARTO Self-Hosted instance is now configured to provide a seamless and secure Single Sign-On experience for your users. You can now navigate to your CARTO deployment domain, and it should use your IdP to log in to the platform.
