# Configure Feishu SSO for Verdent Team (/docs/account-billing/configure-feishu-sso)

> Connect Feishu to Verdent Team for centralized enterprise sign-in



Verdent Team supports Feishu single sign-on (SSO). Once configured, members with an approved corporate email domain can verify their identity with their company Feishu account.

Feishu SSO lets your team use its existing identity system, reduces separate credentials, and gives the Team Owner one place to manage access.

<Note>
  This guide is for Verdent Team Owners. Only a Team Owner can access Team settings and manage SSO.
</Note>

## How Feishu SSO works [#how-feishu-sso-works]

The Team Owner creates a custom enterprise app in the Feishu Open Platform, then adds its credentials and corporate email domains to Verdent Team.

When a member enters a matching corporate email on the Verdent sign-in page, Verdent sends them to Feishu for authorization and verifies the email returned by Feishu.

<Warning>
  Members must have a corporate email in the Feishu directory. Members without one cannot sign in through Feishu SSO.
</Warning>

## Before you begin [#before-you-begin]

You need:

* A Feishu enterprise administrator account that can create custom apps
* Owner access to the Verdent Team
* Your team's corporate email domain, such as `yourcompany.com`

Setup usually takes about 5 minutes.

## Open the SSO settings [#open-the-sso-settings]

1. Sign in to Verdent and switch to the Team you want to configure.
2. Open **Settings** in the Team console.
3. Select **SSO**.
4. Click **Connect SSO**.

Keep Verdent and the Feishu Open Platform open while you complete the setup.

## Configure the Feishu app [#configure-the-feishu-app]

<Steps>
  <Step title="Create a custom enterprise app">
    Open the [Feishu Open Platform](https://open.feishu.cn/app), enter the **Developer Console**, and click **Create custom enterprise app**. Enter a name, upload an icon, and create the app.
  </Step>

  <Step title="Get the app credentials">
    Open **Credentials & Basic Info** and locate the App ID and App Secret:

    | Feishu credential | Verdent SSO field |
    | ----------------- | ----------------- |
    | **App ID**        | `Client ID`       |
    | **App Secret**    | `Client Secret`   |

    <Warning>
      Treat the App Secret as a password. If you reset it in Feishu, update the `Client Secret` in Verdent.
    </Warning>
  </Step>

  <Step title="Add the redirect URL">
    Open **Development Configuration → Security Settings** and add this **Redirect URL**:

    ```text
    https://login.verdent.ai/passport/sso/callback
    ```

    <Warning>
      The URL must match exactly: use `https`, do not add a trailing `/`, and remove surrounding spaces. An incorrect value causes Feishu error `20029`.
    </Warning>
  </Step>

  <Step title="Grant permissions">
    Open **Development Configuration → Permissions** and grant:

    | Permission                  | Scope                         |
    | --------------------------- | ----------------------------- |
    | Read basic user information | `contact:user.base:readonly`  |
    | Read user email information | `contact:user.email:readonly` |

    Verdent uses these permissions to identify members by name and corporate email.
  </Step>

  <Step title="Publish the app">
    Open **Version Management & Release**, create a version, and submit it for release. Members can use the app only after it is published.
  </Step>
</Steps>

## Complete the connection in Verdent [#complete-the-connection-in-verdent]

Return to the Feishu SSO configuration in Verdent and enter:

| Verdent field   | Value                  |
| --------------- | ---------------------- |
| `Client ID`     | Feishu App ID          |
| `Client Secret` | Feishu App Secret      |
| `Email domain`  | Corporate email domain |

You can add up to 5 corporate domains. Public domains such as Gmail are not supported.

Save the configuration and confirm that Feishu SSO is enabled on its configuration card. You can disable it temporarily without deleting the connection.

<Note>
  Verdent validates the credentials when saving, but not the redirect URL configured in Feishu.
</Note>

## Member sign-in experience [#member-sign-in-experience]

After SSO is enabled, members:

1. Enter an email from a configured domain on the Verdent sign-in page.
2. Confirm that they want to continue with SSO.
3. Authorize access in Feishu.
4. Return to Verdent after authorization.

If the entered email differs from the corporate email returned by Feishu, Verdent asks the member to confirm the Feishu email and uses it for authentication.

## Test and manage the configuration [#test-and-manage-the-configuration]

Before rolling SSO out to everyone, test it with a regular member whose Feishu account has a corporate email. Sign out, enter that email, complete Feishu authorization, and confirm that the member returns to Verdent and can access the Team.

From **Team → Settings → SSO**, the Team Owner can view domains and connection status, enable or disable SSO, update credentials, reconfigure a failed connection, or delete it.

## Troubleshooting [#troubleshooting]

<AccordionGroup>
  <Accordion title="Feishu error 20029: Invalid redirect URL">
    In Feishu, open **Development Configuration → Security Settings** and confirm that `https://login.verdent.ai/passport/sso/callback` was added exactly as shown.
  </Accordion>

  <Accordion title="Verdent says the Client ID or Client Secret is invalid">
    Copy the App ID and App Secret again from **Credentials & Basic Info**. If the secret was reset, use the latest value.
  </Accordion>

  <Accordion title="The app is unavailable during sign-in">
    Confirm that you created and published a version under **Version Management & Release**.
  </Accordion>

  <Accordion title="The email is empty after sign-in">
    Add a corporate email to the member's profile in the Feishu directory, then try again.
  </Accordion>

  <Accordion title="The member is not sent to Feishu SSO">
    Confirm that the email matches a configured domain and that Feishu SSO is enabled in Verdent.
  </Accordion>
</AccordionGroup>
