# Authentication for Private Document The **Settings > Configuration > Authentication for Private Document** window allows you to set parameters for your Aisera tenant. These are settings that apply to any bot you create in your Aisera tenant. ## Authentication method Authentication details for viewing secure content. ### No Authentication | **Type** | Radio button | | ----------- | ------------ | | **Default** | Selected | No description available. ### SSO Authentication | **Type** | Radio button | | ----------- | ------------ | | **Default** | Deselected | No description available. ## SSO configuration ### Login URL | **Type** | Text field | | ------------ | ---------------------------------------------------------- | | **Default** | Empty | | **Requires** | [SSO Authentication](#sso-authentication) must be selected | The URL of your SSO provider's login endpoint. Retrieved from your identity provider (IdP) during SSO application setup. ### ACS URL | **Type** | Text field | | ------------ | ---------------------------------------------------------- | | **Default** | Empty | | **Requires** | [SSO Authentication](#sso-authentication) must be selected | The Assertion Consumer Service (ACS) URL for your Aisera tenant. Provide this URL to your IdP when configuring your SSO application. Your ACS URL follows this format: `https://.login.aisera./aisera/ssoLoginCallback` ### Logout URL | **Type** | Text field | | ------------ | ---------------------------------------------------------- | | **Default** | Empty | | **Requires** | [SSO Authentication](#sso-authentication) must be selected | The URL of your SSO provider's logout endpoint. Retrieved from your IdP during SSO application setup. ### Issuer | **Type** | Text field | | ------------ | ---------------------------------------------------------- | | **Default** | Empty | | **Requires** | [SSO Authentication](#sso-authentication) must be selected | Your tenant's login vanity URL. Use the following format: `https://.login.aisera./` ### Separate Window | **Type** | Checkbox | | ------------ | ---------------------------------------------------------- | | **Default** | Disabled | | **Requires** | [SSO Authentication](#sso-authentication) must be selected | When enabled, the SSO authentication flow opens in a popup window. The user authenticates in the popup and, upon successful authentication, the popup closes and returns control to the main application window. When disabled, the main browser window redirects to the IdP for authentication and then redirects back to Aisera on completion. Use this option if your IdP only supports HTTP Post rather than HTTP Redirect. ### Skip Compression | **Type** | Checkbox | | ------------ | ---------------------------------------------------------- | | **Default** | Disabled | | **Requires** | [SSO Authentication](#sso-authentication) must be selected | When enabled, sends the X509 certificate to the SSO provider in uncompressed form. Some IdPs require the certificate in uncompressed format and will fail authentication if it has been compressed. When disabled, the platform compresses the X509 certificate before sending it to the SSO provider. If you are receiving a SAML error, try enabling this setting. ### X509 Certificate | **Type** | Text field | | ------------ | ---------------------------------------------------------- | | **Default** | Empty | | **Requires** | [SSO Authentication](#sso-authentication) must be selected | The X509 certificate provided by your IdP, used to verify the authenticity of SAML responses. Paste the full certificate value including the header and footer lines. {% hint style="info" %} Make sure your certificate value includes the `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` lines when pasting. {% endhint %}