> ## Documentation Index
> Fetch the complete documentation index at: https://www.c1.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a C1 tenant

> Follow this step-by-step guide to creating a new C1 tenant.

## Before you begin

To complete this guide, you'll need:

* A C1 enrollment code (if you don't have an enrollment code, contact [support@c1.ai](mailto:support@c1.ai))
* Ability to create an SSO app in the IdP (if using Okta, OneLogin, or JumpCloud)

**Estimated time:** 15 minutes

## Step 1: Register your C1 domain

<Steps>
  <Step>
    Go to [https://accounts.conductor.one/accounts/signup](https://accounts.conductor.one/accounts/signup).
  </Step>

  <Step>
    In the **Domain** field, enter the domain you want to use for your C1 instance.

    For example, if you work at Acme Co., enter `acmeco` to create an `acmeco.conductor.one` domain.
  </Step>

  <Step>
    In the **Display name** field, enter the name of your company.
  </Step>

  <Step>
    In the **Invite code** field, paste in the invite code you received from C1. The code is case-sensitive.
  </Step>

  <Step>
    Click **Sign up with \[your SSO provider]**.
  </Step>
</Steps>

## Step 2: Authenticate with your SSO provider

Jump to the instructions for your SSO provider:

<Columns cols={2}>
  <Card title="Google" icon="google" horizontal href="/product/how-to/qs-set-up-c1#authenticate-with-google" />

  <Card title="Okta" icon="cube" horizontal href="/product/how-to/qs-set-up-c1#authenticate-with-okta" />

  <Card title="OneLogin" icon="user-check" horizontal href="/product/how-to/qs-set-up-c1#authenticate-with-onelogin" />

  <Card title="JumpCloud" icon="shield-check" horizontal href="/product/how-to/qs-set-up-c1#authenticate-with-jumpcloud" />

  <Card title="Microsoft" icon="microsoft" horizontal href="/product/how-to/qs-set-up-c1#authenticate-with-microsoft" />

  <Card title="PingOne" icon="shield-check" horizontal href="/product/how-to/qs-set-up-c1#authenticate-with-pingone" />

  <Card title="Open ID Connect (OIDC)" icon="code" horizontal href="/product/how-to/qs-set-up-c1#authenticate-with-generic-openid-connect" />
</Columns>

## Authenticate with Google

When prompted to login, click your corporate account and continue logging in.

Google will now re-authenticate you, if needed, and log you in to C1.

## Authenticate with Okta

### Step 1: Add the C1 app in Okta

First, add the C1 app to Okta.

<Steps>
  <Step>
    In a new browser tab, navigate to the [Okta admin console](https://www.okta.com/login/) and click **Applications** > **Applications** > **Browse App Catalog**.
  </Step>

  <Step>
    Search for "C1" and select the C1 app, then click **Add Integration**.
  </Step>

  <Step>
    In the **Subdomain** field, enter the domain you chose for your C1 instance.
  </Step>

  <Step>
    Select whether you want to make the C1 application visible to users, then click **Done**.
  </Step>
</Steps>

### Step 2: Assign users to the Okta app

Next, assign the C1 app to an Okta user or group so the user or group can access and use the app.

<Warning>
  If you do not assign the Okta app to yourself, you will receive an error at login and your C1 tenant will not be created!
</Warning>

<Steps>
  <Step>
    Still in the Okta admin console, click the C1 app's **Assignments** tab.
  </Step>

  <Step>
    Click **Assign** and select either **Assign to People** or **Assign to Groups**.
  </Step>

  <Step>
    Locate the user or group you want to assign the app integration to and click **Assign**.
  </Step>

  <Step>
    Confirm that the data is correct in the **Assign C1 to** dialog.
  </Step>

  <Step>
    Click **Save and Go Back**. The **Assigned** button for the user or group is disabled to indicate the app integration is assigned.
  </Step>

  <Step>
    If necessary, repeat steps 2-6 to assign the C1 app to additional users or groups.
  </Step>

  <Step>
    Click **Done**.
  </Step>
</Steps>

### Step 3: Input OAuth credentials into Okta C1 app

In this step, you'll configure the SSO settings for the C1 app in Okta. To complete this step you'll move back and forth between your Okta tab and the C1 registration tab.

<Steps>
  <Step>
    In Okta, click **Applications** > **Applications** > **C1** to return to the new C1 application's details screen.
  </Step>

  <Step>
    Copy your Okta domain (such as `acmeco.okta.com`) from the browser's address bar and paste your Okta domain into the **Okta domain** field in C1.
  </Step>

  <Step>
    In Okta, click the **Sign On** tab. Copy the C1 app's client ID by clicking the **Copy to clipboard** icon.
  </Step>

  <Step>
    In C1, paste the client ID into the **Client ID** field.
  </Step>

  <Step>
    In Okta, copy the C1 app's client secret by clicking the **Copy to clipboard** icon, then paste the client secret into the **Client secret** field in C1.
  </Step>

  <Step>
    In C1, click **Sign up with Okta**.
  </Step>
</Steps>

Okta will guide you through the SSO sign-in process and redirect you to the C1 dashboard.

## Authenticate with OneLogin

### Step 1: Create an OIDC app in OneLogin

<Steps>
  <Step>
    In a new browser tab, navigate to the [OneLogin](https://app.onelogin.com/login) administration portal and click **Apps**.
  </Step>

  <Step>
    Click **Add App**.
  </Step>

  <Step>
    Search for "OpenID Connect" or "oidc" and click **OpenId Connect (OIDC)**.
  </Step>

  <Step>
    Enter the following information in the specified fields:

    * Display name: **C1**
    * (Optional) Logo:

    <Frame caption="Right click to copy.">
      <img src="https://mintcdn.com/conductorone/SQIAionLGeufJbw0/images/product/assets/c1-logo.png?fit=max&auto=format&n=SQIAionLGeufJbw0&q=85&s=c7c51bb20ddc40346d95caeb69d995fc" alt="C1 logo" width="1920" height="905" data-path="images/product/assets/c1-logo.png" />
    </Frame>
  </Step>

  <Step>
    Click **Save**.
  </Step>

  <Step>
    On the **Configuration** tab, fill out the specified fields as follows:

    * Login Url: Leave this field blank
    * Redirect URI's: Enter `https://accounts.conductor.one/auth/callback`
    * Post Logout Redirect URIs: Leave this field blank
  </Step>

  <Step>
    On the **SSO** tab, make the following selections:

    * Application Type: **Web**
    * Authentication Method: **POST**
  </Step>
</Steps>

### Step 2: Configure the SSO settings on the OneLogin C1 app

In this step, you'll configure the SSO settings for the C1 app in OneLogin. To complete this step you'll move back and forth between your OneLogin tab and the C1 registration tab.

<Steps>
  <Step>
    In OneLogin, copy your OneLogin domain (such as `acmeco.onelogin.com`) from the browser's address bar.
  </Step>

  <Step>
    In C1, paste your OneLogin domain into the **OneLogin domain** field.
  </Step>

  <Step>
    In OneLogin, on the **SSO** tab, copy the C1 app's Client ID.
  </Step>

  <Step>
    In C1, paste the Client ID into the **Client ID** field.
  </Step>

  <Step>
    In OneLogin, copy the C1 app's Client Secret.
  </Step>

  <Step>
    In C1, paste the Client Secret into the **Client secret** field.
  </Step>

  <Step>
    In C1, click **Sign up with OneLogin**. OneLogin will now guide you through the SSO sign-in process and redirect you to the C1 dashboard.
  </Step>
</Steps>

### Step 3: Assign users to the OneLogin C1 app

Lastly, give your colleagues access to C1 via OneLogin SSO by adding the new C1 app to one or more OneLogin user groups.

<Steps>
  <Step>
    In the OneLogin admin portal, navigate to **User Groups**.
  </Step>

  <Step>
    Select the existing user group you'd like to give access to C1 (or create a new user group by clicking the **Create** button).
  </Step>

  <Step>
    Click **Applications** and select **C1**.
  </Step>

  <Step>
    Click **Save**.
  </Step>
</Steps>

## Authenticate with JumpCloud

### Step 1: Create an OIDC app in JumpCloud

<Steps>
  <Step>
    In a new browser tab, navigate to the [JumpCloud Admin Portal](https://console.jumpcloud.com/login) and click **User authentication** > **SSO**.
  </Step>

  <Step>
    Click **+ Add New Application**.
  </Step>

  <Step>
    Scroll to the bottom of the window and click **Custom OIDC App**.
  </Step>

  <Step>
    Enter the following information in the specified fields:

    * Display Label: **C1**
    * (Optional) Logo:

    <Frame caption="Right click to copy.">
      <img src="https://mintcdn.com/conductorone/SQIAionLGeufJbw0/images/product/assets/c1-logo.png?fit=max&auto=format&n=SQIAionLGeufJbw0&q=85&s=c7c51bb20ddc40346d95caeb69d995fc" alt="C1 logo" width="1920" height="905" data-path="images/product/assets/c1-logo.png" />
    </Frame>
  </Step>

  <Step>
    Click **Save**.
  </Step>

  <Step>
    On the **SSO** tab, fill out the specified fields as follows:

    * Redirect URIs: Enter `https://accounts.conductor.one/auth/callback`
    * Client Authentication Type: Client Secret POST
    * Login URL: `https://YOUR_DOMAIN.conductor.one/login?sso_operation=initiate_login` (use the C1 domain you chose in Step 1)
  </Step>

  <Step>
    In the **User Attribute Mapping** section, enter `email` in the **Service Provider Attribute Name** field and select `email` in the **JumpCloud Attribute Name** field, then click **Add Attribute**.
  </Step>

  <Step>
    On the **User Groups** tab, select one or more groups to assign access to C1.
  </Step>

  <Step>
    Click **Activate**. Leave the **Application Saved** popup that displays the Client ID and the Client Secret fields open. You'll use these values in the next step.
  </Step>
</Steps>

### Step 2: Configure OIDC settings on the JumpCloud C1 app

In this step, you'll configure the SSO settings for the C1 app in OneLogin. To complete this step you'll move back and forth between your JumpCloud tab and the C1 registration tab.

<Steps>
  <Step>
    In JumpCloud, copy the C1 app's Client ID from the **Application Saved** popup.
  </Step>

  <Step>
    In C1, paste the Client ID into the **Client ID** field.
  </Step>

  <Step>
    In JumpCloud, copy the C1 app's client secret and paste it into the **Client secret** field in C1.
  </Step>

  <Step>
    In C1, click **Sign up with JumpCloud**. JumpCloud will now guide you through the SSO sign-in process and redirect you to the C1 dashboard.
  </Step>
</Steps>

### Step 3: Grant users access and login

Lastly, give your colleagues access to C1 via JumpCloud SSO by adding the new C1 app to a JumpCloud user group.

<Steps>
  <Step>
    In the JumpCloud Admin Portal, navigate to **User Groups**.
  </Step>

  <Step>
    Select the existing user group you'd like to give access to C1 (or create a new user group by clicking the **Create** button).
  </Step>

  <Step>
    Click **Applications** and select **C1**.
  </Step>

  <Step>
    Click **Save**.
  </Step>
</Steps>

## Authenticate with Microsoft

<Steps>
  <Step>
    When prompted to authenticate with Microsoft, select your corporate account.
  </Step>

  <Step>
    Review the permissions requested by C1. These permissions are needed to establish the SSO link between Microsoft and C1.

    * If you have the correct permission level in Microsoft, check the box to **Consent on behalf of your organization**. This enables the requested C1 permissions for all users in your organization.
    * If you do not have the permissions needed to check the box, before other users attempt to sign into C1 using SSO, direct your Microsoft administrator to manage permissions for the C1 application in by navigating to **Enterprise applications** > **C1 SSO** > **Permissions** and clicking **Grant admin consent for ...**.
  </Step>

  <Step>
    Click **Accept**.
  </Step>
</Steps>

Microsoft will now guide you through the SSO sign-in process and redirect you to the C1 dashboard.

## Authenticate with PingOne

### Step 1: Create an OIDC app in PingOne

<Steps>
  <Step>
    In a new browser tab, log into your PingOne Administration console and navigate to **Applications** > **Applications**.
  </Step>

  <Step>
    Click the **+** (plus sign) to create a new application.
  </Step>

  <Step>
    Enter the following information in the specified fields:

    * Application name: **C1**
    * (Optional) Logo:

    <Frame caption="Right click to copy.">
      <img src="https://mintcdn.com/conductorone/SQIAionLGeufJbw0/images/product/assets/c1-logo.png?fit=max&auto=format&n=SQIAionLGeufJbw0&q=85&s=c7c51bb20ddc40346d95caeb69d995fc" alt="C1 logo" width="1920" height="905" data-path="images/product/assets/c1-logo.png" />
    </Frame>
  </Step>

  <Step>
    In the **Application Type** area of the page, select **OIDC Web App**.
  </Step>

  <Step>
    Click **Save**.
  </Step>

  <Step>
    On the **Configuration** tab, click **Edit** and fill out the specified fields as follows:

    * Token Endpoint Authentication Method: Client Secret Post
    * Redirect URI's: Enter `https://accounts.conductor.one/auth/callback`
    * Initiate Login URI: Enter `https://your_domain.conductor.one/login`
  </Step>

  <Step>
    Click **Save**.
  </Step>

  <Step>
    At the top of the page, click the toggle to enable the new application.
  </Step>

  <Step>
    Return to the **Configuration** tab and carefully copy and save the new app's **Client ID**, **Client secret**, and **Environment ID**. You'll use these in the Step 2.
  </Step>
</Steps>

### Step 2: Configure the SSO settings on the OneLogin C1 app

<Steps>
  <Step>
    Back in the C1 setup tab, paste the **Client ID**, **Client secret**, and **Environment ID** into the form at the right of the page.
  </Step>

  <Step>
    Click **Sign up with PingOne**. PingOne will now guide you through the SSO sign-in process and redirect you to the C1 dashboard.
  </Step>
</Steps>

## Authenticate with generic OpenID Connect

### Step 1: Create an OIDC app in your identity provider

<Steps>
  <Step>
    In a new browser tab, log into your identity provider and create a new OIDC application.

    * Configure the redirect URI to use `https://accounts.conductor.one/auth/callback`.
    * Ensure the authorization code flow is enabled.
  </Step>

  <Step>
    Gather OIDC credentials to pass to C1:

    * Issuer URL (the base URL of your OIDC provider)
    * Client ID
    * Client secret
    * Optional: Additional scopes beyond openid, profile, and email
  </Step>

  <Step>
    Back in the C1 setup tab, paste the **Issuer URL**, **Client ID**, **Client secret**, and any **OIDC scopes** into the relevant fields in the form at the right of the page.
  </Step>

  <Step>
    Click **Sign up with OIDC**. Your identity provider will now guide you through the SSO sign-in process and redirect you to the C1 dashboard.
  </Step>
</Steps>

## Success!

Your C1 tenant is created and you are logged in!

See our other getting started guides to move through the product and get on the fast track to modern governance.