# Integrating Your Identity Provider

You’ll need to configure an application in your IDP, set up role-based groups matching exactly those specified in [Trusst AI Roles and Permissions](/trusst-resource-centre/product-guides/user-roles-and-permissions.md), and expose these groups in the ID token.

***

### Step 1: Create Security Groups for Roles

Create security groups in your IDP exactly matching these roles:

* `trusst_ai_viewer`
* `trusst_ai_evaluator`
* `trusst_ai_prompt_admin`
* `trusst_ai_agent_admin`
* `trusst_ai_app_admin`

Okta:

* Directory → Groups → Add Group → (Role name)

Entra ID:

* Azure AD → Groups → New group → Security → (Role name)

***

### Step 2: Assign Users to Role Groups

Assign users to the groups representing their required roles.

Okta:

* Directory → Groups → (Role group) → People → Assign People

Entra ID:

* Azure AD → Groups → (Role group) → Members → Add Members

***

### Step 3: Register Trusst AI Application

Register a new OIDC web application for Trusst AI.

Okta:

* Applications → Create App Integration → OIDC → Web Application
* Sign-in redirect URI: `https://trusstai.au.auth0.com/login/callback`

Entra ID:

* Azure AD → App registrations → New Registration
* Redirect URI: `https://trusstai.au.auth0.com/login/callback`

*Note: Auth0 Client ID and Application ID URI, if required, are provided securely by your Trusst AI integration contact.*

***

### Step 4: Assign Role Groups to the Application

Assign previously created role groups to the Trusst AI application.

Okta:

* Applications → (Trusst AI App) → Assignments → Assign to Groups

Entra ID:

* Enterprise Applications → (Trusst AI App) → Users and groups → Add user/group

***

### Step 5: Configure Group Claims in ID Token

Expose group claims (roles) in the authentication token.

Okta:

* Applications → (Trusst AI App) → Sign On → OpenID Connect ID Token → Edit
* Groups claim type: `Filter`
* Filter: `Starts with` → `trusst_ai`

Entra ID:

* Azure AD → App registrations → (Trusst AI App) → Token configuration → Add groups claim → Security groups

***

### Step 6: Complete Integration and Verification

Notify your Trusst AI contact once setup is complete. Verify login with a user assigned to one or more role groups.
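As a check for the verification step, the following added example (not Trusst AI's own code) decodes an ID token's payload and compares its group values with the exact role names from Step 1. The claim name `groups`, the helper names and the sample tokens are assumptions constructed for illustration.

```python
import base64, json, re

# Role group names from Step 1 of this guide.
EXPECTED_ROLES = {"trusst_ai_viewer", "trusst_ai_evaluator", "trusst_ai_prompt_admin",
                  "trusst_ai_agent_admin", "trusst_ai_app_admin"}
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def decode_claims(id_token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_groups(claims: dict, claim_name: str = "groups") -> dict:
    """Compare the token's group values with the exact role names."""
    groups = claims.get(claim_name)  # claim name "groups" is an assumption
    if not isinstance(groups, list):
        return {"roles": [], "problems": [f"no '{claim_name}' list claim in token"]}
    groups = [str(g) for g in groups]
    roles = sorted(g for g in groups if g in EXPECTED_ROLES)
    problems = []
    for g in groups:
        if g in EXPECTED_ROLES:
            continue
        if GUID.match(g):
            problems.append(f"{g}: group object ID, not a role name")
        elif g.strip().lower() in EXPECTED_ROLES:
            problems.append(f"{g!r}: differs from the role name in case or whitespace")
        elif g.startswith("trusst_ai"):
            problems.append(f"{g!r}: passes the 'Starts with' filter but is not a defined role")
    if not roles:
        problems.append("token carries no Trusst AI role")
    return {"roles": roles, "problems": problems}


def sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token for the demo (not a real IdP token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"


if __name__ == "__main__":
    ok = sample_token({"sub": "user1", "groups": ["trusst_ai_viewer", "trusst_ai_app_admin"]})
    bad = sample_token({"sub": "user2", "groups": ["Trusst_AI_Viewer", "trusst_ai_legacy",
                        "0f8fad5b-d9cb-469f-a165-70867728950e"]})
    for tok in (ok, bad):
        print(check_groups(decode_claims(tok)))
```

Entra ID's groups claim emits group object IDs by default, which this check reports as GUID-shaped values rather than role names. Because the payload is decoded without signature verification, use the script only to inspect tokens from your own test logins.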

See [Trusst AI Roles and Permissions](/trusst-resource-centre/product-guides/user-roles-and-permissions.md) for detailed role definitions.

Contact Trusst AI support if assistance is required.


