# cidaas SSO

Use this guide when your organization signs in with cidaas. Lettermint connects to cidaas through OpenID Connect.

{/* Screenshot placeholder: /docs/images/sso/providers/cidaas-app.png */}

## Before you start

You need admin access to cidaas and an application client configured with the required redirect URLs. cidaas requires the `openid` scope for OIDC.

## cidaas setup

1. Open the cidaas Admin UI.
2. Create or open the application client for Lettermint.
3. Add the Lettermint OIDC callback URL from the SSO guide to the redirect URLs.
4. Enable the `openid`, `email`, and `profile` scopes when available.
5. Copy the client ID and client secret.
6. Note your cidaas tenant base URL.

## Lettermint setup

In the Lettermint SSO setup screen, choose **cidaas** and enter:

| Field | Value |
|-------|-------|
| Domain | Your managed email domain, for example `example.com`. |
| Metadata URL | `https://{tenant}.cidaas.eu/.well-known/openid-configuration` |
| Client ID | The cidaas client ID. |
| Client secret | The cidaas client secret. |

If your tenant uses a different cidaas domain, use that domain in the discovery URL.

## References

- [cidaas: cidaas as an Identity Provider](https://docs.cidaas.com/guides/cidaas-as-idp/oidc/)
- [cidaas: Authorization request](https://docs.cidaas.com/openapi/authentication/perform-auth-request)