[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"docs-navigation-en":3,"layout-toc-en-/docs/integrations/sso-setup":222,"docs-page-en-/integrations/sso-setup":722},[4],{"title":5,"path":6,"stem":7,"children":8,"page":221},"Docs","/docs","docs",[9,37,66,98,117,140,159,169,185,213],{"title":10,"path":11,"stem":12,"children":13,"page":-1,"icon":15,"order":16},"Welcome to InterMIND","/docs/getting-started","docs/1.getting-started/index",[14,17,22,27,32],{"title":10,"path":11,"stem":12,"icon":15,"order":16},"i-heroicons-rocket-launch",1,{"title":18,"path":19,"stem":20,"icon":21,"order":16},"Signing In","/docs/getting-started/sign-in","docs/1.getting-started/1.sign-in",null,{"title":23,"path":24,"stem":25,"icon":21,"order":26},"Creating an Account","/docs/getting-started/account","docs/1.getting-started/2.account",2,{"title":28,"path":29,"stem":30,"icon":21,"order":31},"Your First Meeting","/docs/getting-started/first-meeting","docs/1.getting-started/3.first-meeting",3,{"title":33,"path":34,"stem":35,"icon":21,"order":36},"System Requirements","/docs/getting-started/system-requirements","docs/1.getting-started/4.system-requirements",4,{"title":38,"path":39,"stem":40,"children":41,"page":-1,"icon":43,"order":26},"Real-Time Translation","/docs/translation","docs/2.translation/index",[42,44,48,52,56,61],{"title":38,"path":39,"stem":40,"icon":43,"order":26},"i-heroicons-language",{"title":45,"path":46,"stem":47,"icon":21,"order":26},"Choosing Languages","/docs/translation/languages","docs/2.translation/1.languages",{"title":49,"path":50,"stem":51,"icon":21,"order":31},"Live Subtitles","/docs/translation/subtitles","docs/2.translation/2.subtitles",{"title":53,"path":54,"stem":55,"icon":21,"order":36},"Transcription","/docs/translation/transcription","docs/2.translation/3.transcription",{"title":57,"path":58,"stem":59,"icon":21,"order":60},"Usage Limits","/docs/translation/limits","docs/2.translation/4.limits",5,{"title":62,"path":63,"stem":64,"icon":21,"order":65},"Your Own Voice","/docs/translation/own-voice","docs/2.translation/5.own-voice",6,{"title":67,"path":68,"stem":69,"children":70,"page":-1,"icon":72,"order":31},"Meetings & Conferences","/docs/meetings","docs/3.meetings/index",[71,73,77,81,85,89,94],{"title":67,"path":68,"stem":69,"icon":72,"order":31},"i-heroicons-video-camera",{"title":74,"path":75,"stem":76,"icon":21,"order":26},"Starting a Meeting","/docs/meetings/start","docs/3.meetings/1.start",{"title":78,"path":79,"stem":80,"icon":21,"order":31},"Joining a Meeting","/docs/meetings/join","docs/3.meetings/2.join",{"title":82,"path":83,"stem":84,"icon":21,"order":36},"Meeting Controls","/docs/meetings/controls","docs/3.meetings/3.controls",{"title":86,"path":87,"stem":88,"icon":21,"order":60},"Screen Sharing & Recording","/docs/meetings/screen-sharing","docs/3.meetings/4.screen-sharing",{"title":90,"path":91,"stem":92,"icon":21,"order":93},"Reactions & Hand Raise","/docs/meetings/reactions","docs/3.meetings/5.reactions",7,{"title":95,"path":96,"stem":97,"icon":21,"order":65},"Guest Access","/docs/meetings/guest-access","docs/3.meetings/6.guest-access",{"title":99,"path":100,"stem":101,"children":102,"page":-1,"icon":104,"order":36},"Chat","/docs/chat","docs/4.chat/index",[103,105,109,113],{"title":99,"path":100,"stem":101,"icon":104,"order":36},"i-heroicons-chat-bubble-left-right",{"title":106,"path":107,"stem":108,"icon":21,"order":26},"Messages","/docs/chat/messages","docs/4.chat/1.messages",{"title":110,"path":111,"stem":112,"icon":21,"order":36},"Chat Translation","/docs/chat/translation","docs/4.chat/2.translation",{"title":114,"path":115,"stem":116,"icon":21,"order":31},"File Sharing","/docs/chat/files","docs/4.chat/3.files",{"title":118,"path":119,"stem":120,"children":121,"page":-1,"icon":123,"order":60},"Settings","/docs/settings","docs/5.settings/index",[122,124,128,132,136],{"title":118,"path":119,"stem":120,"icon":123,"order":60},"i-heroicons-cog-6-tooth",{"title":125,"path":126,"stem":127,"icon":21,"order":26},"Profile Settings","/docs/settings/profile","docs/5.settings/1.profile",{"title":129,"path":130,"stem":131,"icon":21,"order":31},"Appearance","/docs/settings/appearance","docs/5.settings/2.appearance",{"title":133,"path":134,"stem":135,"icon":21,"order":60},"Meeting Defaults","/docs/settings/meeting-defaults","docs/5.settings/3.meeting-defaults",{"title":137,"path":138,"stem":139,"icon":21,"order":36},"Keyboard Shortcuts","/docs/settings/keyboard-shortcuts","docs/5.settings/4.keyboard-shortcuts",{"title":141,"path":142,"stem":143,"children":144,"page":-1,"icon":146,"order":65},"Team Administration","/docs/users","docs/6.users/index",[145,147,151,155],{"title":141,"path":142,"stem":143,"icon":146,"order":65},"i-heroicons-user-group",{"title":148,"path":149,"stem":150,"icon":21,"order":26},"Inviting Members","/docs/users/inviting","docs/6.users/1.inviting",{"title":152,"path":153,"stem":154,"icon":21,"order":31},"Managing Members","/docs/users/managing","docs/6.users/2.managing",{"title":156,"path":157,"stem":158,"icon":21,"order":36},"Team Storage","/docs/users/storage","docs/6.users/3.storage",{"title":160,"path":161,"stem":162,"children":163,"page":-1,"icon":21,"order":93},"Integrations","/docs/integrations","docs/7.integrations/index",[164,165],{"title":160,"path":161,"stem":162,"icon":21,"order":93},{"title":166,"path":167,"stem":168,"icon":21,"order":16},"SSO Setup","/docs/integrations/sso-setup","docs/7.integrations/1.sso-setup",{"title":170,"path":171,"stem":172,"children":173,"page":-1,"icon":175,"order":176},"Billing & Plans","/docs/billing","docs/8.billing/index",[174,177,181],{"title":170,"path":171,"stem":172,"icon":175,"order":176},"i-heroicons-credit-card",8,{"title":178,"path":179,"stem":180,"icon":21,"order":26},"Managing Your Subscription","/docs/billing/manage","docs/8.billing/1.manage",{"title":182,"path":183,"stem":184,"icon":21,"order":31},"Usage & Invoices","/docs/billing/usage","docs/8.billing/2.usage",{"title":186,"path":187,"stem":188,"children":189,"page":-1,"icon":191,"order":192},"Troubleshooting","/docs/troubleshooting","docs/9.troubleshooting/index",[190,193,197,201,205,209],{"title":186,"path":187,"stem":188,"icon":191,"order":192},"i-heroicons-wrench-screwdriver",9,{"title":194,"path":195,"stem":196,"icon":21,"order":16},"Audio Issues","/docs/troubleshooting/audio","docs/9.troubleshooting/1.audio",{"title":198,"path":199,"stem":200,"icon":21,"order":26},"Video & Camera Issues","/docs/troubleshooting/video","docs/9.troubleshooting/2.video",{"title":202,"path":203,"stem":204,"icon":21,"order":31},"Translation Quality","/docs/troubleshooting/translation-quality","docs/9.troubleshooting/3.translation-quality",{"title":206,"path":207,"stem":208,"icon":21,"order":36},"Network & Connection","/docs/troubleshooting/network","docs/9.troubleshooting/4.network",{"title":210,"path":211,"stem":212,"icon":21,"order":60},"Browsers & Devices","/docs/troubleshooting/browsers","docs/9.troubleshooting/5.browsers",{"title":214,"path":215,"stem":216,"children":217,"icon":219,"order":220},"Security & Privacy","/docs/security","docs/99.security/index",[218],{"title":214,"path":215,"stem":216,"icon":219,"order":220},"i-heroicons-shield-check",99,false,{"id":223,"title":166,"body":224,"description":716,"extension":717,"icon":21,"meta":718,"navigation":719,"path":167,"screenshots":21,"seo":720,"stem":168,"__hash__":721},"docs_en/docs/7.integrations/1.sso-setup.md",{"type":225,"value":226,"toc":705},"minimark",[227,231,240,254,259,288,292,299,348,355,362,414,417,421,475,479,528,532,542,546,574,577,670,674],[228,229,166],"h1",{"id":230},"sso-setup",[232,233,234,235,239],"p",{},"This guide is for the IT admin connecting a company identity provider (IdP) to InterMIND. After setup, members sign in from the regular login page: ",[236,237,238],"strong",{},"Sign in with SSO"," → work email → your IdP → back in InterMIND.",[232,241,242,245,246,249,250,253],{},[236,243,244],{},"Available on:"," Business and Enterprise plans\n",[236,247,248],{},"Configured by:"," team owner or admin\n",[236,251,252],{},"Protocol:"," OpenID Connect (OIDC). SAML 2.0 sign-in is in development — SAML configuration is stored but cannot be used to sign in yet.",[255,256,258],"h2",{"id":257},"prerequisites","Prerequisites",[260,261,262,276],"ol",{},[263,264,265,266,269,270,275],"li",{},"A ",[236,267,268],{},"verified domain"," — verify your email domain via DNS TXT record first (see ",[271,272,274],"a",{"href":273},"/docs/integrations#domain-management","Domain Management","). SSO sign-in only accepts accounts whose email domain your team has verified; this is the tenant boundary.",[263,277,278,279,282,283,287],{},"An IdP that supports ",[236,280,281],{},"OIDC with discovery"," — it must serve ",[284,285,286],"code",{},"/.well-known/openid-configuration"," under the Issuer URL. Okta, Microsoft Entra ID, and Google all do.",[255,289,291],{"id":290},"what-to-register-in-your-idp","What to register in your IdP",[232,293,294,295,298],{},"Create an ",[236,296,297],{},"OIDC Web Application"," in your IdP with:",[300,301,302,315],"table",{},[303,304,305],"thead",{},[306,307,308,312],"tr",{},[309,310,311],"th",{},"Setting",[309,313,314],{},"Value",[316,317,318,330,338],"tbody",{},[306,319,320,324],{},[321,322,323],"td",{},"Redirect URI (callback)",[321,325,326,329],{},[284,327,328],{},"https://intermind.com/api/auth/sso/callback"," — also shown in the SSO card after you select OIDC",[306,331,332,335],{},[321,333,334],{},"Grant type",[321,336,337],{},"Authorization Code (PKCE S256 is used automatically)",[306,339,340,343],{},[321,341,342],{},"Scopes",[321,344,345],{},[284,346,347],{},"openid email profile",[232,349,350,351,354],{},"The ID token your IdP issues must include the user's ",[284,352,353],{},"email",", and the email's domain must be one of your verified domains — otherwise sign-in is refused.",[232,356,357,358,361],{},"Then fill in the ",[236,359,360],{},"SSO"," card on the Integrations page:",[300,363,364,374],{},[303,365,366],{},[306,367,368,371],{},[309,369,370],{},"Field",[309,372,373],{},"What to paste",[316,375,376,384,394,406],{},[306,377,378,381],{},[321,379,380],{},"Display Name",[321,382,383],{},"Any label your members will recognize",[306,385,386,389],{},[321,387,388],{},"Issuer URL",[321,390,391,392],{},"Your IdP's issuer — the URL that serves ",[284,393,286],{},[306,395,396,399],{},[321,397,398],{},"Authorization URL",[321,400,401,402,405],{},"The ",[284,403,404],{},"authorization_endpoint"," from that discovery document",[306,407,408,411],{},[321,409,410],{},"Client ID / Client Secret",[321,412,413],{},"From the app you registered",[232,415,416],{},"The client secret is encrypted at rest and never returned to the browser after saving.",[255,418,420],{"id":419},"okta","Okta",[260,422,423,437,445,448,458],{},[263,424,425,426,429,430,433,434],{},"Admin console → ",[236,427,428],{},"Applications → Create App Integration"," → sign-in method ",[236,431,432],{},"OIDC",", application type ",[236,435,436],{},"Web Application",[263,438,439,442,443],{},[236,440,441],{},"Sign-in redirect URI:"," ",[284,444,328],{},[263,446,447],{},"Assign the users or groups who should have access",[263,449,450,451,454,455],{},"Copy the ",[236,452,453],{},"Client ID"," and ",[236,456,457],{},"Client Secret",[263,459,460,461,464,465,468,469,471,472],{},"In InterMIND: Issuer URL = your Okta org URL (e.g. ",[284,462,463],{},"https://acme.okta.com",", or your authorization server's issuer such as ",[284,466,467],{},"https://acme.okta.com/oauth2/default"," if you use one); Authorization URL = the ",[284,470,404],{}," from ",[284,473,474],{},"\u003Cissuer>/.well-known/openid-configuration",[255,476,478],{"id":477},"microsoft-entra-id-azure-ad","Microsoft Entra ID (Azure AD)",[260,480,481,487,496,505,512,518],{},[263,482,483,484],{},"Entra admin center → ",[236,485,486],{},"App registrations → New registration",[263,488,489,490,493,494],{},"Platform ",[236,491,492],{},"Web",", redirect URI ",[284,495,328],{},[263,497,498,501,502,504],{},[236,499,500],{},"Certificates & secrets → New client secret"," — copy the secret ",[236,503,314],{}," immediately",[263,506,507,508,511],{},"Client ID = the ",[236,509,510],{},"Application (client) ID"," on the Overview page",[263,513,514,515],{},"Make sure the ID token carries the user's email: ",[236,516,517],{},"Token configuration → Add optional claim → ID → email",[263,519,520,521,524,525],{},"In InterMIND: Issuer URL = ",[284,522,523],{},"https://login.microsoftonline.com/\u003Ctenant-id>/v2.0","; Authorization URL = ",[284,526,527],{},"https://login.microsoftonline.com/\u003Ctenant-id>/oauth2/v2.0/authorize",[255,529,531],{"id":530},"google-workspace","Google Workspace",[232,533,534,535,537,538,541],{},"No app registration needed. In the SSO card choose the ",[236,536,531],{}," provider type and save — members on your verified domains sign in with their Google account and join your team automatically. (Google can also be connected as a generic OIDC provider with issuer ",[284,539,540],{},"https://accounts.google.com"," if you prefer explicit client credentials.)",[255,543,545],{"id":544},"test-the-connection","Test the connection",[260,547,548,551,557,560],{},[263,549,550],{},"Open the login page in a private/incognito window",[263,552,553,554,556],{},"Click ",[236,555,238],{}," and enter a work email on your verified domain",[263,558,559],{},"You are redirected to your IdP; after authenticating, you land back in InterMIND signed in",[263,561,562,563,566,567,570,571],{},"The sign-in is recorded in the team audit log (exportable from the ",[236,564,565],{},"Users"," page) as ",[284,568,569],{},"auth.login"," with method ",[284,572,573],{},"sso",[255,575,186],{"id":576},"troubleshooting",[300,578,579,589],{},[303,580,581],{},[306,582,583,586],{},[309,584,585],{},"Symptom",[309,587,588],{},"Cause",[316,590,591,599,609,619,629,639,651,659],{},[306,592,593,596],{},[321,594,595],{},"\"SSO is not configured\" after entering the email",[321,597,598],{},"No enabled SSO config matches that email domain — check the domain is verified and the SSO card is saved",[306,600,601,606],{},[321,602,603],{},[284,604,605],{},"SSO login is not available: plan",[321,607,608],{},"The team's plan no longer includes SSO",[306,610,611,616],{},[321,612,613],{},[284,614,615],{},"SSO login is not available: domain-not-verified",[321,617,618],{},"The domain is still pending DNS verification",[306,620,621,626],{},[321,622,623],{},[284,624,625],{},"SSO login is not available: config-incomplete",[321,627,628],{},"Client ID or Client Secret missing — re-save the SSO card",[306,630,631,636],{},[321,632,633],{},[284,634,635],{},"SSO login is not available: type-unsupported",[321,637,638],{},"The stored config is SAML — SAML sign-in is not available yet",[306,640,641,646],{},[321,642,643],{},[284,644,645],{},"SSO IdP discovery failed",[321,647,648,649],{},"Issuer URL is wrong or doesn't serve ",[284,650,286],{},[306,652,653,656],{},[321,654,655],{},"\"login session expired, start again\"",[321,657,658],{},"More than 5 minutes passed between starting sign-in and the IdP callback",[306,660,661,664],{},[321,662,663],{},"Sign-in refused after the IdP redirects back",[321,665,666,667,669],{},"The IdP returned an email outside your verified domains, or no ",[284,668,353],{}," claim at all (Entra: add the optional email claim)",[255,671,673],{"id":672},"security-properties","Security properties",[232,675,676,677,680,681,684,685,688,689,692,693,696,697,700,701,704],{},"For security questionnaires: the SSO flow is Authorization Code with ",[236,678,679],{},"PKCE (S256)",", ",[236,682,683],{},"state",", and ",[236,686,687],{},"nonce","; the ID token's ",[236,690,691],{},"signature is validated against the IdP's JWKS",", along with issuer and audience; the IdP is authoritative only for ",[236,694,695],{},"domains verified via DNS"," — an assertion for any other email never produces a session; the OIDC client secret is ",[236,698,699],{},"encrypted at rest","; every SSO sign-in lands in the team ",[236,702,703],{},"audit log",". Plan, domain, and configuration gates are enforced server-side on both the sign-in start and the callback.",{"title":706,"searchDepth":26,"depth":31,"links":707},"",[708,709,710,711,712,713,714,715],{"id":257,"depth":26,"text":258},{"id":290,"depth":26,"text":291},{"id":419,"depth":26,"text":420},{"id":477,"depth":26,"text":478},{"id":530,"depth":26,"text":531},{"id":544,"depth":26,"text":545},{"id":576,"depth":26,"text":186},{"id":672,"depth":26,"text":673},"Connect Okta, Microsoft Entra ID, or Google Workspace so your team signs in through your identity provider.","md",{},{"order":16},{"title":166,"description":716},"N0zmoB242yU1u9xw2wq_JsdXpOPN-WRHP7hxZBvgVF4",{"page":723,"surround":1051},{"id":223,"title":166,"body":724,"description":716,"extension":717,"icon":21,"meta":1048,"navigation":1049,"path":167,"screenshots":21,"seo":1050,"stem":168,"__hash__":721},{"type":225,"value":725,"toc":1038},[726,728,732,740,742,756,758,762,796,800,804,844,846,848,882,884,916,918,924,926,944,946,1020,1022],[228,727,166],{"id":230},[232,729,234,730,239],{},[236,731,238],{},[232,733,734,245,736,249,738,253],{},[236,735,244],{},[236,737,248],{},[236,739,252],{},[255,741,258],{"id":257},[260,743,744,750],{},[263,745,265,746,269,748,275],{},[236,747,268],{},[271,749,274],{"href":273},[263,751,278,752,282,754,287],{},[236,753,281],{},[284,755,286],{},[255,757,291],{"id":290},[232,759,294,760,298],{},[236,761,297],{},[300,763,764,772],{},[303,765,766],{},[306,767,768,770],{},[309,769,311],{},[309,771,314],{},[316,773,774,782,788],{},[306,775,776,778],{},[321,777,323],{},[321,779,780,329],{},[284,781,328],{},[306,783,784,786],{},[321,785,334],{},[321,787,337],{},[306,789,790,792],{},[321,791,342],{},[321,793,794],{},[284,795,347],{},[232,797,350,798,354],{},[284,799,353],{},[232,801,357,802,361],{},[236,803,360],{},[300,805,806,814],{},[303,807,808],{},[306,809,810,812],{},[309,811,370],{},[309,813,373],{},[316,815,816,822,830,838],{},[306,817,818,820],{},[321,819,380],{},[321,821,383],{},[306,823,824,826],{},[321,825,388],{},[321,827,391,828],{},[284,829,286],{},[306,831,832,834],{},[321,833,398],{},[321,835,401,836,405],{},[284,837,404],{},[306,839,840,842],{},[321,841,410],{},[321,843,413],{},[232,845,416],{},[255,847,420],{"id":419},[260,849,850,858,864,866,872],{},[263,851,425,852,429,854,433,856],{},[236,853,428],{},[236,855,432],{},[236,857,436],{},[263,859,860,442,862],{},[236,861,441],{},[284,863,328],{},[263,865,447],{},[263,867,450,868,454,870],{},[236,869,453],{},[236,871,457],{},[263,873,460,874,464,876,468,878,471,880],{},[284,875,463],{},[284,877,467],{},[284,879,404],{},[284,881,474],{},[255,883,478],{"id":477},[260,885,886,890,896,902,906,910],{},[263,887,483,888],{},[236,889,486],{},[263,891,489,892,493,894],{},[236,893,492],{},[284,895,328],{},[263,897,898,501,900,504],{},[236,899,500],{},[236,901,314],{},[263,903,507,904,511],{},[236,905,510],{},[263,907,514,908],{},[236,909,517],{},[263,911,520,912,524,914],{},[284,913,523],{},[284,915,527],{},[255,917,531],{"id":530},[232,919,534,920,537,922,541],{},[236,921,531],{},[284,923,540],{},[255,925,545],{"id":544},[260,927,928,930,934,936],{},[263,929,550],{},[263,931,553,932,556],{},[236,933,238],{},[263,935,559],{},[263,937,562,938,566,940,570,942],{},[236,939,565],{},[284,941,569],{},[284,943,573],{},[255,945,186],{"id":576},[300,947,948,956],{},[303,949,950],{},[306,951,952,954],{},[309,953,585],{},[309,955,588],{},[316,957,958,964,972,980,988,996,1006,1012],{},[306,959,960,962],{},[321,961,595],{},[321,963,598],{},[306,965,966,970],{},[321,967,968],{},[284,969,605],{},[321,971,608],{},[306,973,974,978],{},[321,975,976],{},[284,977,615],{},[321,979,618],{},[306,981,982,986],{},[321,983,984],{},[284,985,625],{},[321,987,628],{},[306,989,990,994],{},[321,991,992],{},[284,993,635],{},[321,995,638],{},[306,997,998,1002],{},[321,999,1000],{},[284,1001,645],{},[321,1003,648,1004],{},[284,1005,286],{},[306,1007,1008,1010],{},[321,1009,655],{},[321,1011,658],{},[306,1013,1014,1016],{},[321,1015,663],{},[321,1017,666,1018,669],{},[284,1019,353],{},[255,1021,673],{"id":672},[232,1023,676,1024,680,1026,684,1028,688,1030,692,1032,696,1034,700,1036,704],{},[236,1025,679],{},[236,1027,683],{},[236,1029,687],{},[236,1031,691],{},[236,1033,695],{},[236,1035,699],{},[236,1037,703],{},{"title":706,"searchDepth":26,"depth":31,"links":1039},[1040,1041,1042,1043,1044,1045,1046,1047],{"id":257,"depth":26,"text":258},{"id":290,"depth":26,"text":291},{"id":419,"depth":26,"text":420},{"id":477,"depth":26,"text":478},{"id":530,"depth":26,"text":531},{"id":544,"depth":26,"text":545},{"id":576,"depth":26,"text":186},{"id":672,"depth":26,"text":673},{},{"order":16},{"title":166,"description":716},[1052,1054],{"title":160,"path":161,"stem":162,"description":1053,"order":93,"children":-1},"Configure push notifications, calendar, directory sync, and SSO.",{"title":170,"path":171,"stem":172,"description":1055,"order":176,"children":-1},"Overview of InterMIND subscription plans, pricing, and billing management."]