# Step 4: Complete your setup {% stepper %} {% step %} ## Define the permissions To manage the user and group permissions in your enterprise, see [managing-the-enterprise-related-permissions](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-enterprise/managing-the-enterprise-related-permissions "mention"). To manage the user and group permissions in an organization, you can: * Define the users and/or groups that can create projects in the organization. See [organization-permissions](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-organization/users-and-permissions/organization-permissions "mention") for more information. * Verify the default permissions on new projects. See [templates](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-organization/manage-org-projects/manage-project-permissions/templates "mention") for more details. {% endstep %} {% step %} ## Invite users to sign in You can now invite users to sign in to SonarQube Cloud with SSO by sending them the enterprise’s login URL. To retrieve the login URL of your enterprise: 1. Retrieve your enterprise. See [retrieving-and-viewing-your-enterprise](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-enterprise/retrieving-and-viewing-your-enterprise "mention") for more details. 2. Go to **Administration** > **SSO & Provisioning**. 3. In **Single Sign-On (SSO via SAML)**, select the copy tool at the right of the SSO login URL field. You can now paste the copied URL to your invite message.
Select the copy tool to copy the SSO URL.
{% endstep %} {% step %} ## Terminate 1. Sign in to SonarQube Cloud with your DevOps Platform (DOP) account and grant your SSO account the Administer Enterprise permissions. See [managing-the-enterprise-related-permissions](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-enterprise/managing-the-enterprise-related-permissions "mention") for more details. 2. If you transitioned from a DevOps platform authentication service to SSO, you can remove the end users’ DOP accounts from the SonarQube Cloud organizations (see [organization-members](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-organization/users-and-permissions/organization-members "mention")) and these users can delete their DOP account within SonarQube Cloud (see [deleting](https://docs.sonarsource.com/sonarqube-cloud/managing-your-account/deleting "mention")). {% hint style="warning" %} We recommend that you keep at least one or a few admin or service user accounts in the DevOps Platform. This is especially crucial if you use Bitbucket Cloud, as you are currently unable to link a SonarQube Cloud organization with a Bitbucket Cloud workspace using an SSO account. {% endhint %} {% endstep %} {% endstepper %} ## Related pages * [saml-sso](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/setup/saml-sso "mention") * [scim](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/setup/scim "mention") * [map-groups](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/setup/map-groups "mention") * [edit-or-delete-sso-setup](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/edit-or-delete-sso-setup "mention") * [troubleshooting](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/enterprise-security/sso-and-provisioning/troubleshooting "mention") * [recovering-enterprise-admin-access](https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-enterprise/recovering-enterprise-admin-access "mention")