Checklist:
NEXT_PUBLIC_CLERK_ENTERPRISE_ENABLED=truein the frontend environment- User email domain is verified on the organization identity config
- Clerk dashboard has SSO connection for that domain
- Callback URLs include
/auth/sso-callback - User selects Continue with SAML SSO and enters the work email (not personal email)
Post-login redirect: returnTo must match the allowlist in auth utilities. Community and VS Code flows preserve query params through SSO.
Test from Settings → Identity → Test login when available.