# Configure Single Sign-On (SSO) (Helm)

{% hint style="info" %}
This documentation only applies to **advanced Orchestrated container deployments** using **Kubernetes** and **Helm**
{% endhint %}

This guide outlines the steps to configure Single Sign-On (SSO) for your CARTO Self-Hosted instance. [SSO integration](/carto-user-manual/settings/sso.md) enhances security and user experience by allowing users to log in with a single set of credentials across multiple systems.

## Prerequisites

{% hint style="info" %}
Please get in touch at <support@carto.com> to start configuring your SSO integration.
{% endhint %}

1. **Contact CARTO Support:**
   * Initiate contact with the CARTO Support team to request assistance with SSO configuration.
   * Work closely with the Support team to communicate your organization's specific requirements.
2. **Obtain organization ID:**
   * Once SSO is successfully configured from the CARTO side, CARTO Support team will provide you with a unique identifier known as the organization ID. This organization ID is **required to continue with the SSO configuration** in your CARTO Self-Hosted installation.

## **Setup**

In order to configure the SSO in your orchestrated container deployment, the organization ID should be injected into your CARTO Self-Hosted instance. This value can be configured following these steps:

* **Inject the organization ID into your CARTO Self-hosted:**

  * Add a new environment variable for the organization ID provided by CARTO Support in your <mark style="color:orange;">customizations.yaml</mark> file.

  ```yaml
  appConfigValues:
    ssoOrganizationId: "<YOUR_ORGANIZATION_ID>"
  ```
* **Deploy Changes:**
  * Deploy the updated configuration to apply the changes to your CARTO Self-Hosted instance.

## Conclusion

With the successful integration of SSO and the Organization ID, your CARTO Self-Hosted instance is now configured to provide a seamless and secure Single Sign-On experience for your users. You can now navigate to your CARTO deployment domain, and it should use your IdP to log into the platform.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.carto.com/carto-self-hosted/guides/guides-helm/configure-single-sign-on-sso.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.