# Identity Provider Configuration
This article describes how to configure Pomerium to use a third-party identity service for single-sign-on.
There are a few configuration steps required for identity provider integration. Most providers support OpenID Connect which provides a standardized identity and authentication interface.
In this guide we'll cover how to do the following for each identity provider:
- Set a Redirect URL pointing back to Pomerium. For example,
- Generate a Client ID and Client Secret.
- Generate a Service Account for additional IdP Data.
- Configure Pomerium to use the Client ID and Client Secret keys.
- Configure Pomerium to synchronize directory data from your identity provider (e.g. groups membership), by setting a service account.
You must configure an IdP Service Account to write policy against group membership, or any other data that does not uniquely identify an end-user.