# Identity Provider Configuration
This article describes how to configure Pomerium to use a third-party identity service for single-sign-on.
There are a few configuration steps required for identity provider integration. Most providers support OpenID Connect which provides a standardized identity and authentication interface.
In this guide we'll cover how to do the following for each identity provider:
- Set a Redirect URL pointing back to Pomerium. For example,
https://${authenticate_service_url}/oauth2/callback. - Generate a Client ID and Client Secret.
- Generate a Service Account for additional IdP Data.
- Configure Pomerium to use the Client ID and Client Secret keys.
- Configure Pomerium to synchronize directory data from your identity provider (e.g. groups membership), by setting a service account.
WARNING
You must configure an IdP Service Account to write policy against group membership, or any other data that does not uniquely identify an end-user.
← From Source Azure AD →