> ## Documentation Index > Fetch the complete documentation index at: https://docs.libredesk.io/llms.txt > Use this file to discover all available pages before exploring further. # SSO Setup > Configure Single Sign-On with OpenID Connect providers Libredesk supports external OpenID Connect providers (e.g., Google, Keycloak) for signing in users. User accounts must be created in Libredesk manually; signup is not supported. ## Generic Configuration Steps Since each provider's configuration might differ, consult your provider's documentation for any additional or divergent settings. In your provider's admin console, create a new OpenID Connect application/client. Retrieve: * Client ID * Client Secret In Libredesk, navigate to Security → SSO and click New SSO and enter the following details: * Provider URL (e.g., the URL of your OpenID provider) * Client ID * Client Secret * A descriptive name for the connection After saving, copy the generated Callback URL from Libredesk and add it as a valid redirect URI in your provider's client settings. ## Provider Examples ### Keycloak In Keycloak, navigate to Clients and click Create: * Client ID (e.g., `libredesk-app`) * Client Protocol: `openid-connect` * Root URL and Web Origins: your app domain (e.g., `https://ticket.example.com`) * Under Authentication flow, uncheck everything except the standard flow * Click save Go to the credentials tab: * Ensure client authenticator is set to `Client Id and Secret` * Note down the generated client secret In Libredesk, go to Admin → Security → SSO and click New SSO: * Provider URL (e.g., `https://keycloak.example.com/realms/yourrealm`) * Name (e.g., `Keycloak`) * Client ID * Client secret * Click save 1. After saving, click on the three dots and choose Edit to open the new SSO entry 2. Copy the generated Callback URL from Libredesk 3. Back in Keycloak, edit the client and add the Callback URL to Valid Redirect URIs: * e.g., `https://ticket.example.com/api/v1/oidc/1/finish`