# Configuring SSO

These examples assume you are self-hosting Pipekit on the subdomain `pipekit.example.com`. Replace this with your actual domain.

## GitLab

1. Go to your GitLab group settings and click on "Applications"
2. Click on "New Application"
3. Fill in the details:
   * Name: \[Choose a unique App name]
   * Redirect URI: <https://pipekit.example.com/api/id/v1/sso/gitlab/callback>
   * Tick "Confidential"
   * Scopes:
     * read\_user
     * openid
     * profile
     * email
4. Click "Save application"
5. Note down the Application ID and Secret and pass them to the [Helm Chart Values](https://docs.pipekit.io/self-hosting-pipekit/helm-chart) to configure Pipekit.

## Microsoft (Azure AD/Entra) Social Login

1. Create a new app registration in your Azure AD tenant.
2. Fill in the details:
   * Name: \[Choose a unique App name]
   * Supported account types: Choose the account types you want to support.
   * Redirect URI:
     * Platform: Web
     * <https://pipekit.example.com/api/id/v1/sso/microsoft/callback>
3. After creating the app, create a Client Secret and note it down.
4. Then add the following API permissions:
   * Microsoft Graph:
     * email
     * openid
     * profile
     * User.Read
5. Note the Application (client) ID and pass it along with the Client Secret to the [Helm Chart Values](https://docs.pipekit.io/self-hosting-pipekit/helm-chart) to configure Pipekit.