Single Sign-On (SSO)
SSO integration is currently in development. Contact your CarBuddy account manager to register your interest and be notified when it's available.
SSO allows your team to log in to the CarBuddy portal using your existing company identity provider (e.g. Azure AD, Okta, Google Workspace) — no separate password required.
Supported protocols
CarBuddy SSO will support:
| Protocol | Standard | Typical providers |
|---|---|---|
| SAML 2.0 | Industry standard, XML-based | Azure AD, Okta, ADFS, PingIdentity |
| OIDC | OpenID Connect, OAuth 2.0-based | Google Workspace, Okta, Azure AD |
How it will work
- Your IT team configures CarBuddy as a service provider (SP) in your identity provider
- CarBuddy registers your identity provider against your account
- Your users visit
portal.carbuddyai.comand are redirected to your company login page - On successful login, they are returned to the portal with the correct role and location access — no account needed per user
User roles (client, group_user, location_user) are mapped from your identity provider's group claims, so access is managed centrally from your IdP.
What to prepare
If you'd like to be ready when SSO launches, gather the following from your IT team:
For SAML 2.0
| Item | Description |
|---|---|
| IdP Metadata URL | A URL that serves your identity provider's SAML metadata XML |
| Entity ID | Your IdP's unique identifier (e.g. https://sts.windows.net/<tenant-id>/) |
| SSO URL | The redirect URL where CarBuddy sends authentication requests |
| Signing certificate | Your IdP's public certificate for verifying SAML assertions |
| NameID format | How users are identified — typically emailAddress |
For OIDC
| Item | Description |
|---|---|
| Issuer URL | Your IdP's discovery endpoint (e.g. https://accounts.google.com) |
| Client ID | Issued by your IdP when you register CarBuddy as an application |
| Client Secret | Issued alongside the Client ID |
| Allowed redirect URI | CarBuddy will provide this: https://portal.carbuddyai.com/auth/callback |
Common identity provider guides
Azure Active Directory (Entra ID)
- In Azure Portal, go to Entra ID → Enterprise applications → New application
- Choose Create your own application, name it
CarBuddy Portal, select Integrate any other application you don't find in the gallery - Go to Single sign-on → SAML
- Set Identifier (Entity ID):
https://portal.carbuddyai.com - Set Reply URL:
https://portal.carbuddyai.com/auth/saml/callback - Download the Federation Metadata XML and send it to your CarBuddy account manager
- Assign users or groups in the Users and groups tab
Okta
- In Okta Admin, go to Applications → Create App Integration
- Select SAML 2.0
- Set Single sign-on URL:
https://portal.carbuddyai.com/auth/saml/callback - Set Audience URI:
https://portal.carbuddyai.com - Set Name ID format:
EmailAddress - Download the Identity Provider metadata and send it to your CarBuddy account manager
Google Workspace
- In Google Admin Console, go to Apps → Web and mobile apps → Add app → Add custom SAML app
- Name the app
CarBuddy Portal - Download the IdP metadata on the Google IdP Information screen
- Set ACS URL:
https://portal.carbuddyai.com/auth/saml/callback - Set Entity ID:
https://portal.carbuddyai.com - Send the downloaded metadata to your CarBuddy account manager
Pricing and availability
SSO will be available on the Business and Enterprise tiers. Existing clients on affected tiers will be contacted directly when the feature launches.
To register your interest or discuss your specific IdP setup, contact us.