# DigitalOcean

[DigitalOcean documentation can be found here.](https://docs.digitalocean.com/platform/teams/how-to/configure-sso/)

Setting up DigitalOcean requires one extra claim, **Team Role**.

**Configure the Team Role claim:**

1. First we need to create a custom field. From the **Users** dropdown menu, click **Custom User Fields**.
2. Click the **Create New Field** button in the top right corner.
3. Enter a **Field Name**, for example `DO Team Role`.
4. For the **Field Type**, select **Select \[Object]**
5. Enter your team roles in the **Select Values** box, one item per line.
6. Set the remaining fields as you see fit, then click the **Create Custom User Field** button.

You must be the **owner** to enable SSO for your **DigitalOcean team**.

1. Sign in to your **DigitalOcean Console**.
2. Navigate to **Settings** under the **Manage** section.
3. In the **Teams** tab, scroll down to the **Single sign-on (OIDC)** section and click **Enable** to go to the **Enable single sign-on** page.
4. Provide the values from your Key9 application SSO page:
   1. **OpenID provider URL**: Your provider domain from Key9.
   2. **OpenID client ID**: Client ID from Key9.
   3. **OpenID client secret**: Client secret from Key9.
5. Click **Test SSO config to continue**. (This tests that the Key9 URL is a valid OIDC provider before the next configuration page.)
6. On the **Secure Settings** page, leave the **Require sign-in via SSO only** setting unchecked for now. This is critical for testing. Then, click **Continue**.
7. On the **Summary** page, copy the **SSO sign-in URL**, which looks similar to `https://cloud.digitalocean.com/sessions/sso/<id>`. Paste this into the **Login Url** field in Key9.
8. Click **Enable SSO** to complete the SSO configuration.
9. In Key9, enter `https://cloud.digitalocean.com/sessions/sso/callback` into the **Redirect URI** field.
10. If you have already configured the **Team Role** custom field, you can assign it to the **Team Role Claim** now, or you can assign it later.
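
Before clicking **Test SSO config to continue**, the provider URL and redirect URI can be sanity-checked offline. The following is an added example, not Key9 or DigitalOcean code: it applies the OpenID Connect Discovery 1.0 rules to a constructed discovery document for a hypothetical provider domain `idp.example.com`. The function and variable names are assumptions, and the checks DigitalOcean's own test performs are not described on this page.

```python
from urllib.parse import urlsplit

# Metadata fields that OpenID Connect Discovery 1.0 marks REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")
# Redirect URI this page says to enter in Key9.
DO_CALLBACK = "https://cloud.digitalocean.com/sessions/sso/callback"


def check_provider(provider_url, metadata, redirect_uris):
    """Return a list of problems; an empty list means every check passed."""
    problems = [f"missing {k}" for k in REQUIRED if k not in metadata]
    # Discovery requires the issuer to equal the URL the document was fetched
    # for; a mismatch (even a trailing slash) breaks ID token `iss` validation.
    if metadata.get("issuer") != provider_url:
        problems.append("issuer does not match provider URL")
    for key in URL_FIELDS:
        value = metadata.get(key)
        if value is None:
            continue
        parts = urlsplit(value) if isinstance(value, str) else None
        if parts is None or parts.scheme != "https" or not parts.hostname:
            problems.append(f"{key} is not an https URL")
    # Redirect URIs are compared as exact strings, so the callback must be
    # registered character for character.
    if DO_CALLBACK not in redirect_uris:
        problems.append("DigitalOcean callback not registered")
    return problems


# Constructed sample: what <provider>/.well-known/openid-configuration might
# return for the hypothetical provider domain idp.example.com.
SAMPLE = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/jwks",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

if __name__ == "__main__":
    print(check_provider("https://idp.example.com", SAMPLE, [DO_CALLBACK]))
    bad = dict(SAMPLE, issuer="https://idp.example.com/",
               jwks_uri="http://idp.example.com/jwks")
    print(check_provider("https://idp.example.com", bad, [DO_CALLBACK + "/"]))
```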

---

By default, applications are not active upon creation. Active applications are immediately available for group assignment. Applications should only be activated once you have configured the Service Provider (SP).
