# Signicat SSO

Use this guide when your organization signs in with Signicat. Lettermint connects to a Signicat OIDC client.

{/* Screenshot placeholder: /docs/images/sso/providers/signicat-oidc-client.png */}

## Before you start

You need access to the Signicat Dashboard, a configured Signicat domain, and an OIDC client. Signicat requires the redirect URI in requests to match the OIDC client configuration.

## Signicat setup

1. Open the Signicat Dashboard.
2. Go to **Products** > **eID and Wallet Hub** > **OIDC clients**.
3. Create or open the OIDC client for Lettermint.
4. Select the authorization code flow.
5. Add the Lettermint OIDC callback URL from the SSO guide as a redirect URI.
6. Add the required scopes, including `openid`.
7. Create and copy a client secret.

## Lettermint setup

In the Lettermint SSO setup screen, choose **Signicat** and enter:

| Field | Value |
|-------|-------|
| Domain | Your managed email domain, for example `example.com`. |
| Metadata URL | `https://{tenant}.signicat.com/.well-known/openid-configuration` |
| Client ID | The Signicat OIDC client ID. |
| Client secret | The Signicat client secret. |

If your Signicat product exposes a client-specific well-known URL, use that discovery URL instead.

## References

- [Signicat: OpenID Connect](https://developer.signicat.com/identity-methods/id-porten/integration-guide/oidc-id-porten/)
- [Signicat: OIDC Config API](https://developer.signicat.com/apis/oidc-config/)