# SAML Single Sign-On Flow

{% hint style="info" %}
Mobb supports SSO with your Identity Provider (e.g. Microsoft Entra ID). If you require SSO, please reach out to us via <support@mobb.ai>.
{% endhint %}

Single Sign-On (SSO) is a user authentication process that allows end-users to access the Mobb application with a single login provided by their Identity Provider (IdP). The following diagram explains the SSO flow in Mobb.

<figure><img src="https://2539741639-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8WF4UBNkXMHG7Dz0RXI7%2Fuploads%2Fgit-blob-23aee22033d2690463ef286e229878a0a0d98323%2FSAML%20Diagram.drawio.png?alt=media" alt=""><figcaption></figcaption></figure>

1. **User Navigates to Mobb**
   * The user opens the Mobb application.
2. **Mobb Checks for Existing Session**
   * Mobb looks for a valid session.
   * If no valid session is found, Mobb initiates the SSO flow through Auth0.
3. **Auth0 Redirects User to IdP**
   * Auth0 redirects the user to the IdP (e.g. Microsoft Entra ID) login page to authenticate.
4. **User Authenticates with IdP**
   * The user enters their credentials on the IdP sign-in page.
   * The IdP verifies the user’s identity against the organization’s directory.
5. **IdP Issues Security Token**
   * Upon successful authentication, the IdP provides Auth0 with a security token (e.g., a JWT or SAML assertion).
   * Auth0 validates the IdP token and creates a session for the user.
6. **User Is Redirected Back to Mobb**
   * Auth0 redirects the user’s browser back to Mobb, along with the Auth0 token in the callback parameters.
   * Mobb verifies the token signature, checks its validity (expiry, issuer, audience, etc.), and extracts user attributes (e.g., email, roles).
   * If valid, Mobb creates or updates a session on its side and applies any role-based access control configured by the Mobb administrator.
7. **User Gains Access to Mobb Platform**
   * The user is now authenticated in Mobb’s system and can use the platform as permitted by their assigned roles/permissions.
   * Subsequent actions during this session are validated via Mobb’s session or tokens.
8. **Ongoing Access and Session Renewal**
   * As the user continues to work in Mobb, the session remains valid until it expires or the user signs out.
   * If the session expires, Mobb may prompt re-authentication through the IdP, re-initiating the SSO flow if needed.

