# DigitalOcean

[DigitalOcean documentation can be found here.](https://docs.digitalocean.com/platform/teams/how-to/configure-sso/)

Setting up DigitalOcean, requires one extra claim, **Team Role**.&#x20;

**Configure the Team Role claim:**

1. First we need to create a custom field. From the **Users** dropdown menu, click **Custom User Fields**.
2. Click the **Create New Field** button in the top right corner.
3. Enter a **Field Name** example. `DO Team Role`
4. For the **Field Type**, select **Select \[Object]**
5. Enter your team roles in the **Select Values** box, one item per for.
6. Set the remaining fields as you see fit, then click the **Create Custom User Field** button.

You must be the **owner** to enable SSO for your **DigitalOcean team**.

1. Sign into your **DigitalOcean Console**.
2. Navigate to the **Settings** under the **Manage** section.
3. In the Teams tab, scroll down to the Single sign-on (OIDC) section click **Enable** to go to the **Enable single sign-on** page.
4. Provide the values from your Key9 application SSO page:
   1. **OpenID provider URL**: Your provider domain from Key9.
   2. **OpenID client ID**: Client ID from Key9.
   3. **OpenID client secret**: Client secret from Key9.
5. Click **Test SSO config to continue**. (This tests that the Key9 URL is a valid OIDC provider before the next configuration page.)
6. On the **Secure Settings** page, leave the **Require sign-in via SSO only** setting unchecked for now. This is critical for testing. Then, click **Continue**.
7. On the **Summary** page, copy the **SSO sign-in URL**, which looks similar to `https://cloud.digitalocean.com/sessions/sso/<id>`. Paste this into the **Login Url** field in Key9.
8. Click **Enable SSO** to complete the SSO configuration.
9. In Key9 enter `https://cloud.digitalocean.com/sessions/sso/callback` into the **Redirect URI** field.
10. If you have already configured the **Team Role** custom field you can assign that to the **Team Role Claim** now, or you can assign it later.

\-------------------

By default, applications are not active upon creation. Active applications are immediately available to assign groups. Applications should only be activated when you have configured the Service Provider (SP).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.k9.io/key9-identity/web/marketplace/digitalocean.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.