Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.unstructured.io/llms.txt

Use this file to discover all available pages before exploring further.

The following information applies only to dedicated instance and in-VPC deployments of Unstructured Business.IdP integration is not available for Unstructured Let’s Go, Pay-As-You-Go, or Business SaaS accounts.
You can connect your organization’s identity provider (IdP) to your Unstructured deployment through the Unstructured UI. After you connect your IdP, a single sign-on (SSO) option appears on your deployment’s login page, and your IdP group memberships are available for access control.

Prerequisites

You need site admin access to your Unstructured deployment and admin access to your organization’s IdP. If you don’t have site admin access, contact your Unstructured account team to have it provisioned. To learn how to designate site administrators through your IdP, see Site administrator access. The setup is a two-step exchange between Unstructured and your IdP. First, Unstructured generates a redirect URL when you enter an alias. You take that URL to your IdP and use it to register a new application. The application registration gives you the credentials you bring back to finish the connection in Unstructured. No credentials are shared with Unstructured outside of this UI flow. For OIDC, you will collect the following from your IdP application:
  • Client ID
  • Client secret
  • Authorization URL
  • Token URL
  • JWKS URL
For SAML, you will collect the following from your IdP application:
  • SSO URL
  • Signing certificate

Add an identity provider

  1. If you are not already signed in, sign in to your Unstructured account as a site admin.
  2. In the bottom-left corner, click your profile icon.
  3. Click Site Settings.
  4. On the Identity Provider Configuration page, click New Identity Provider +.
  5. In the Alias field, enter a short, lowercase name to identify this IdP (for example, okta-prod).
  6. A redirect URL is generated based on your alias. Click the copy icon to copy this URL.
    Paste this URL into your IdP provider’s redirect or callback URI configuration before continuing.
  7. Click Continue.
  8. Under Configuration, select OIDC or SAML to match your IdP application’s protocol.
  9. If you selected OIDC, enter the following:
    • Authorization URL: The authorization endpoint from your IdP.
    • Token URL: The token endpoint from your IdP.
    • Client ID: The client ID from your IdP application.
    • Client Secret: The client secret from your IdP application.
    • JWKS URL: The JWKS endpoint from your IdP.
  10. If you selected SAML, enter the following:
    • SSO URL: The single sign-on URL from your IdP.
    • Signing Certificate: Paste the signing certificate from your IdP.
  11. Optionally, expand Advanced settings to configure additional options.
  12. Click Save Identity Provider.
For OIDC configurations, the client secret is hidden after you save. You cannot view it again.
After you save, a new SSO login option appears on your deployment’s login page.

Update an identity provider

  1. If you are not already signed in, sign in to your Unstructured account as a site admin.
  2. In the bottom-left corner, click your profile icon.
  3. Click Site Settings.
  4. On the Identity Provider Configuration page, click the IdP you want to update.
  5. Update the fields as needed.
  6. Click Save Identity Provider.

Next steps