For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Book a demoLog inStart for free
  • Getting started
    • Overview
  • Configuration
    • Member permissions
    • Connect a GitHub repository
    • Set up SSO
    • Password protection
    • Custom domains
    • PDF export
    • Changelog
Checking status...
SOC2Soc 2 Type II
© 2026 Fern • Birch Solutions, Inc., a Postman company

Documentation

SDKsDocsAsk FernCLI Reference

API Definitions

OpenAPIAsyncAPIOpenRPCgRPC

Resources

BlogSupportPricing

Company

Brand KitPrivacy PolicyTerms of Service
LogoLogo
Book a demoLog inStart for free
Configuration

Set up Single Sign-On (SSO)

||View as Markdown|
Was this page helpful?
Edit this page
Previous

Connect a GitHub repository

Next

Password protection

Enterprise feature

This feature is available only for the Enterprise plan. To get started, reach out to support@buildwithfern.com.

Set up Single Sign-On (SSO) to sign in to Fern using your existing identity provider.

SSO setup requires working with Fern to exchange configuration values (like callback URLs and entity IDs). To get started, select your identity provider below (Okta, Google Workspace, or Microsoft Entra), then choose SAML or OIDC.

Using another provider?

If you use another IdP, Fern will help you configure it. Reach out via Slack or support@buildwithfern.com to get started.

Okta
SAML
OIDC
1

Receive configuration values from Fern

Fern will send you the SSO URL and Audience URI through a secure channel.

2

Create and configure application in Okta

In Applications, create a new app integration using SAML 2.0. Configure with these values:

FieldValue
Single sign-on URL[value from Fern]
Audience URI[value from Fern]
Name ID formatEmailAddress

Then, add attribute statements:

NameValue
nameuser.firstName + " " + user.lastName
emailuser.email
3

Send Fern your IdP metadata

From the Sign-On tab, copy the Metadata URL and X.509 certificate. Send them back to Fern. Fern will enable the connection and run a test login with you.

4

Disable IdP-initiated login

In the General tab under App visibility, enable Do not display application icon to users. This prevents IdP-initiated login flows, which carry security risks.

5

Assign users

Assign the people who should access Fern.

Google Workspace
SAML
1

Receive configuration values from Fern

Fern will send you the ACS URL and Entity ID through a secure channel.

2

Create and configure application in Google

In Web and mobile apps, choose Add app → Add custom SAML app. On Service provider details, enter these values:

FieldValue
ACS URL[value from Fern]
Entity ID[value from Fern]
Name ID formatEMAIL
Name IDPrimary email

Then, add attribute statements:

Google Directory AttributeApp Attribute
First namefirstName
Last namelastName
3

Send Fern your IdP metadata

Copy the SSO URL, Entity ID, and X.509 certificate from Google. Send them to Fern. Fern will enable the connection and run a test login with you.

4

Assign users

Assign the people who should access Fern.

Microsoft Entra
SAML
1

Create an application

Under Enterprise applications, select New application → Create your own application → Non-gallery.

2

Receive configuration values from Fern

Fern will send you the Identifier (Entity ID) and Reply URL (ACS) through a secure channel.

3

Configure SAML

In Single Sign-On, choose SAML and enter these values:

FieldValue
Identifier (Entity ID)[value from Fern]
Reply URL (ACS)[value from Fern]
Name IDuser.primaryauthoritativeemail (email)

Then, add attribute statements:

NameValue
nameuser.displayname
emailuser.mail
4

Send Fern your IdP metadata

From SAML Certificates, copy the App Federation Metadata URL. Send it to Fern. Fern will enable the connection and run a test login with you.

5

Disable IdP-initiated login

To prevent IdP-initiated login flows (which carry security risks), do not distribute the User access URL.

Optionally, create a Conditional Access policy to block sign-ins that don’t originate from your service provider.

6

Assign users

In Users and groups, add the people who should access Fern.