diff --git a/docs/authentication/saml/overview.mdx b/docs/authentication/saml/overview.mdx index b9d0cd6c4d..b2a6202488 100644 --- a/docs/authentication/saml/overview.mdx +++ b/docs/authentication/saml/overview.mdx @@ -9,8 +9,8 @@ Currently, Clerk offers direct SAML integrations with [Microsoft Azure AD](/docs For EASIE connections, Clerk offers integration with Google Workspace and Microsoft Entra ID. Setting up an EASIE connection for production requires custom OAuth credentials, following the same steps outlined in our Google and Microsoft social connection guides: -- [Google] docs/authentication/social-connections/google -- [Microsoft] docs/authentication/social-connections/azure +- [Google](docs/authentication/social-connections/google) +- [Microsoft](docs/authentication/social-connections/azure) For development, the same shared OAuth credentials supported by Social Connections can be used for EASIE. 
@@ -20,6 +20,16 @@ For development, the same shared OAuth credentials supported by Social Connectio One of the primary tradeoffs is [security](https://easie.dev#security). Clerk does take steps to [migitate potential security conerns](https://easie.clerkstage.dev/#mitigating-tenant-crossover-vulnerabilities), but applications that must use single-tenant identity providers should use SAML SSO. +## Creating Enterprise Connections in Clerk Dashboard + +To create an Enterprise Connection, + +1. Navigate to the [Clerk Dashboard](https://dashboard.clerk.com/last-active?path=user-authentication/sso-connections). +1. In the top navigation, select **Configure**. Then in the sidebar, select **SSO Connections**. +1. Click on **Add connection** on the top right and select **For specific domains**. +1. Select one of the IdP options for an EASIE or SAML connection. +1. On the next page, enter any required information for the new Enterprise Connection, such as the **domain**. + ## Allow subdomains Authenticating via SAML SSO requires the user's email address domain to match the exact domain the SAML connection has been configured with. By default, subdomains are not supported. For example, a user with the email address `john@sales.example.com` would not be able to use a SAML connection with the `example.com` domain in order to authenticate.
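Review bot: In the `@@ -9,8 +9,8 @@` hunk, the two corrected link targets are still written without a leading slash (`docs/authentication/social-connections/google`, `docs/authentication/social-connections/azure`), while the existing link visible in the hunk header context uses a root-relative target (`(/docs...`). A target without the leading slash resolves against the current page's URL rather than the site root, so suggest `[Google](/docs/authentication/social-connections/google)` and `[Microsoft](/docs/authentication/social-connections/azure)` to match the rest of the file.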
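Review bot: In the `@@ -20,6 +20,16 @@` hunk, step 4 of the new section ("Select one of the IdP options for an EASIE or SAML connection") presents the two connection types as interchangeable, although the paragraph directly above says applications that must use single-tenant identity providers should use SAML SSO; suggest having the step point back to that security tradeoff so the choice is made deliberately. The intro line "To create an Enterprise Connection," ends with a comma and should end with a colon before the numbered list. Step 1 already deep-links to `path=user-authentication/sso-connections`, and step 2 then navigates to the same page by hand, so one of the two can be trimmed or the link pointed at the dashboard root. While this area is being edited, the unchanged context line has two typos (`migitate`, `conerns`) and links to `easie.clerkstage.dev`, a different host from the `easie.dev` link in the same paragraph; worth confirming which host is intended.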