# Signing in As an SSO User

As a user with permission to use the single sign-in method for multiple accounts, you access the sign-in page through a link provided by the account owner or administrator.

The account owner or an administrator can copy the sign-in URL from the Sign-in Settings page.

![](/assets/image2023-8-3_11-20-38.561318ed26180fede8fb3844a7fd1062a984383aef5e8cc862a25878627ae2a5.f0cddcd7.png)

After logging in, a user establishes a session with the platform. Use session security to limit exposure to your network when a user leaves the computer unattended while still logged in. Session security also limits the risk of internal attacks, such as when one employee tries to use another employee's session.

From the login configuration, you can control when an inactive user session expires. When the session timeout is reached, users are prompted with a dialog that allows them to log out or continue working. If they don't respond to this prompt, they are logged out.

![](/assets/sso-session-timeout-dialog.2385245f51ed73beccb3da5d808cc100c3034bb2b1dafdf80e947e5573543f6c.f0cddcd7.png)

* [Limitation](/products/control-panel/security/sign-in-settings/signing-in-as-an-sso-user#limitation)
* [Requirement](/products/control-panel/security/sign-in-settings/signing-in-as-an-sso-user#requirement)
* [Signing into TD Console from the Sign-In URL](/products/control-panel/security/sign-in-settings/signing-in-as-an-sso-user#signing-into-td-console-from-the-sign-in-url)
* [Signing Out of TD Console](<signing-in-as-an-sso-user.md#signing-in-as-an-sso-user)


## Limitation

* If you are enabled for SSO, you cannot change your sign-in method. The account owner or administrator must change the sign-in method. See [Changing the Sign-in Mode of a User](/products/control-panel/security/sign-in-settings/configuring-sso-in-td-console).
* If you add a new user on TD for SSO, you set your IdP’s identifier (i.e email address, employee ID) for the user. In this case, the user doesn't receive an invitation email when they are registered.


## Requirement

[Session timeout must be defined](/products/control-panel/security/sign-in-settings/setting-session-timeout-for-sso) using your identity provider.

## Signing into TD Console from the Sign-In URL

The browser that you use when you log into TD Console might enable you to log in again without re-authenticating, based on the way authentication is handled at the IdP. It is recommended that you set up session timeout intervals. Administrators should advise all of their account users to also close the browser after logging out of TD Console.

1. Select the sign-in URL link provided to you.
2. Enter your email or ID, as indicated in the sign-in pane of your Identity Provider (IdP). The following is an example of Microsoft Azure:


![](/assets/ssologinazure.e88354e0ee5648bf979fc1b32d9e4e6990db93a7f5d8612c7faf62095a2c9517.f0cddcd7.png)

After authentication, you enter into your Treasure Data account.

1. Optionally, you can verify your sign-in method by looking at your profile in **My Settings**.


![](/assets/image2023-3-31_11-32-39.243d189cbb913dc61212e5cfe261a591a7677fa2c9a86e17fa14e195eeca4807.f0cddcd7.png)
4. Optionally, you can copy the URL to your IdP sign-in page if you want to bookmark or otherwise use the IdP sign-in page.

# Signing Out of TD Console

1. Log out of TD Console.
2. Close the browser for increased security.