# Integrating Your Identity Provider

You’ll need to configure an application in your IDP, set up role-based groups matching exactly those specified in [Trusst AI Roles and Permissions](https://docs.trusst.ai/trusst-resource-centre/product-guides/user-roles-and-permissions), and expose these groups in the ID token.

***

### Step 1: Create Security Groups for Roles

Create security groups in your IDP exactly matching these roles:

* `trusst_ai_viewer`
* `trusst_ai_evaluator`
* `trusst_ai_prompt_admin`
* `trusst_ai_agent_admin`
* `trusst_ai_app_admin`

Okta:

* Directory → Groups → Add Group → (Role name)

Entra ID:

* Azure AD → Groups → New group → Security → (Role name)

***

### Step 2: Assign Users to Role Groups

Assign users to the groups representing their required roles.

Okta:

* Directory → Groups → (Role group) → People → Assign People

Entra ID:

* Azure AD → Groups → (Role group) → Members → Add Members

***

### Step 3: Register Trusst AI Application

Register a new OIDC web application for Trusst AI.

Okta:

* Applications → Create App Integration → OIDC → Web Application
* Sign-in redirect URI: `https://trusstai.au.auth0.com/login/callback`

Entra ID:

* Azure AD → App registrations → New Registration
* Redirect URI: `https://trusstai.au.auth0.com/login/callback`

*Note: Auth0 Client ID and Application ID URI, if required, are provided securely by your Trusst AI integration contact.*

***

### Step 4: Assign Role Groups to the Application

Assign previously created role groups to the Trusst AI application.

Okta:

* Applications → (Trusst AI App) → Assignments → Assign to Groups

Entra ID:

* Enterprise Applications → (Trusst AI App) → Users and groups → Add user/group

***

### Step 5: Configure Group Claims in ID Token

Expose the role groups as a groups claim in the ID token.

Okta:

* Applications → (Trusst AI App) → Sign On → OpenID Connect ID Token → Edit
* Groups claim type: `Filter`
* Filter: `Starts with` → `trusst_ai`

Entra ID:

* Azure AD → App registrations → (Trusst AI App) → Token configuration → Add groups claim → Security groups

***

### Step 6: Complete Integration and Verification

Notify your Trusst AI contact once setup is complete. Verify login with a user assigned to one or more role groups.
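To check Steps 1 to 5 during the verification login, the following added example (not Trusst AI code) decodes an ID token's payload and compares its groups claim with the role names from Step 1, reporting exact matches, near misses such as wrong case or hyphens, and everything else. The claim name `groups`, the helper names and the sample token are assumptions constructed for illustration; the script only inspects the payload and does not validate the signature.

```python
import base64
import json

# Role group names listed in Step 1 of this guide.
ROLES = {
    "trusst_ai_viewer", "trusst_ai_evaluator", "trusst_ai_prompt_admin",
    "trusst_ai_agent_admin", "trusst_ai_app_admin",
}

def decode_payload(id_token):
    """Decode the JWT payload for inspection only. No signature check is done."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    seg = parts[1]
    seg += "=" * (-len(seg) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))

def check_groups(claims, claim_name="groups"):
    """Sort the groups claim into exact role matches, near misses and other values."""
    values = claims.get(claim_name)  # claim name is an assumption; adjust to your IdP
    if values is None:
        return {"error": "claim '%s' missing from token" % claim_name}
    if isinstance(values, str):
        values = [values]
    report = {"exact": [], "near_miss": [], "other": []}
    for v in values:
        norm = str(v).strip().lower().replace("-", "_").replace(" ", "_")
        if v in ROLES:
            report["exact"].append(v)
        elif norm in ROLES:  # right role, wrong spelling: group name must match exactly
            report["near_miss"].append(v)
        else:
            report["other"].append(v)
    return report

def make_sample_token(claims):
    """Build a constructed token with a fake signature so the example runs offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return "%s.%s.%s" % (enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "constructed")

SAMPLE = make_sample_token({  # constructed claims, not real output from any IdP
    "sub": "user@example.com",
    "groups": ["trusst_ai_viewer", "Trusst_AI_Evaluator", "trusst-ai-app-admin",
               "00000000-0000-0000-0000-000000000000"],
})

if __name__ == "__main__":
    print(json.dumps(check_groups(decode_payload(SAMPLE)), indent=2))
```

Any entry under `near_miss` points to a group whose name does not exactly match Step 1, and an `error` result means the groups claim from Step 5 is not reaching the token.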

See [Trusst AI Roles and Permissions](https://docs.trusst.ai/trusst-resource-centre/product-guides/user-roles-and-permissions) for detailed role definitions.

Contact Trusst AI support if assistance is required.
