diff --git a/migration/20.10/migrate.sh b/migration/20.10/migrate.sh
index 2d57c2720178b7941318c21ee1526b3809163340..09c5afd7fe49d0c1a796f8aeaf2aca470575bf67 100755
--- a/migration/20.10/migrate.sh
+++ b/migration/20.10/migrate.sh
@@ -9,4 +9,5 @@ php ./migrateCustomLang.php
 php ./migrateBasketListDisplay.php
 php ./migrateTemplates.php
 php ./migrateSavedQueries.php
+php ./migrateSsoMapping.php
 php ./migrateCustomXml.php # mettre en dernier
diff --git a/migration/20.10/migrateSsoMapping.php b/migration/20.10/migrateSsoMapping.php
new file mode 100644
index 0000000000000000000000000000000000000000..5419ccadfe14b123d17f083201caa37473f7dc46
--- /dev/null
+++ b/migration/20.10/migrateSsoMapping.php
@@ -0,0 +1,44 @@
+<?php
+
+require '../../vendor/autoload.php';
+
+chdir('../..');
+
+$customs =  scandir('custom');
+
+
+foreach ($customs as $custom) {
+    if (in_array($custom, ['custom.json', 'custom.xml', '.', '..'])) {
+        continue;
+    }
+
+    \SrcCore\models\DatabasePDO::reset();
+    new \SrcCore\models\DatabasePDO(['customId' => $custom]);
+
+    $configuration = [];
+
+    $path = "custom/{$custom}/apps/maarch_entreprise/xml/mapping_sso.xml";
+    if (file_exists($path)) {
+        if (!is_readable($path)) {
+            printf("[ERROR] Fichier {$path} non lisible.\n");
+            continue;
+        }
+        $loadedXml = simplexml_load_file($path);
+
+        if (!empty($loadedXml)) {
+            $configuration['uri'] = (string)$loadedXml->WEB_SSO_URL;
+
+            $configuration['mapping'] = [];
+
+            if (isset($loadedXml->USER_ID)) {
+                $configuration['mapping'][] = [
+                    'ssoId'    => (string)$loadedXml->USER_ID,
+                    'maarchId' => 'login'
+                ];
+            }
+            $configuration = !empty($configuration) ? json_encode($configuration, JSON_UNESCAPED_SLASHES) : '{}';
+            \Configuration\models\ConfigurationModel::create(['privilege' => 'admin_sso', 'value' => $configuration]);
+            printf("Migration mapping SSO (CUSTOM {$custom}) : fichier de configuration mapping_sso.xml trouvé et migré.\n");
+        }
+    }
+}
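Review bot: A `mapping_sso.xml` that fails to parse, or parses to an empty document, is skipped without any message: `simplexml_load_file()` returns false on error and the `!empty($loadedXml)` test just falls through, so the operator cannot tell that a custom's SSO settings were not migrated. Report it like the unreadable-file case, e.g. `if ($loadedXml === false) { printf("[ERROR] Fichier %s invalide.\n", $path); continue; }`; passing the path as a `%s` argument also keeps a `%` in a custom name out of the format string. The `!empty($configuration)` ternary is always true at that point because `uri` and `mapping` were just assigned, so the `'{}'` fallback is dead, and a missing `WEB_SSO_URL` is stored as an empty `uri` that the controller's own validation would reject. `ConfigurationModel::create` is called unconditionally, so a second run would presumably try to insert another `admin_sso` row; an existence check or a comment stating the script is one-shot would help.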
diff --git a/src/app/configuration/controllers/ConfigurationController.php b/src/app/configuration/controllers/ConfigurationController.php
index 77f540ca0b06011dd7b81f4f9e0e967fa8d91077..3a5cf5fdb74ff9c68ee9d995a1db6c9b6847bb0d 100755
--- a/src/app/configuration/controllers/ConfigurationController.php
+++ b/src/app/configuration/controllers/ConfigurationController.php
@@ -26,7 +26,11 @@ class ConfigurationController
 {
     public function getByPrivilege(Request $request, Response $response, array $args)
     {
-        if (!PrivilegeController::hasPrivilege(['privilegeId' => $args['privilege'], 'userId' => $GLOBALS['id']])) {
+        if (in_array($args['privilege'], ['admin_sso'])) {
+            if (!PrivilegeController::hasPrivilege(['privilegeId' => 'admin_connections', 'userId' => $GLOBALS['id']])) {
+                return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
+            }
+        } elseif (!PrivilegeController::hasPrivilege(['privilegeId' => $args['privilege'], 'userId' => $GLOBALS['id']])) {
             return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
         }
 
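Review bot: The `admin_sso` to `admin_connections` special case is written out twice, here in `getByPrivilege` and again in the `update` hunk below, and the literal appears a third time as `$args['privilege'] == 'admin_sso'` further down in `update`, with a loose comparison. Because this is the authorization gate for reading and changing SSO settings, the mapping would be safer in one private helper or constant map such as `['admin_sso' => 'admin_connections']` that both methods resolve through, so a privilege added later to one method cannot be forgotten in the other. If the inline form is kept, pass `true` as the third argument of `in_array` and add a short comment explaining why `admin_sso` is guarded by `admin_connections` rather than by a privilege of its own. Both method bodies continue outside their hunks.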
@@ -44,7 +48,11 @@ class ConfigurationController
 
     public function update(Request $request, Response $response, array $args)
     {
-        if (!PrivilegeController::hasPrivilege(['privilegeId' => $args['privilege'], 'userId' => $GLOBALS['id']])) {
+        if (in_array($args['privilege'], ['admin_sso'])) {
+            if (!PrivilegeController::hasPrivilege(['privilegeId' => 'admin_connections', 'userId' => $GLOBALS['id']])) {
+                return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
+            }
+        } elseif (!PrivilegeController::hasPrivilege(['privilegeId' => $args['privilege'], 'userId' => $GLOBALS['id']])) {
             return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
         }
 
@@ -93,6 +101,21 @@ class ConfigurationController
             }
 
             $data = ['listDisplay' => $data['listDisplay'], 'listEvent' => $data['listEvent']];
+        } elseif ($args['privilege'] == 'admin_sso') {
+            if (!Validator::notEmpty()->stringType()->validate($data['uri'])) {
+                return $response->withStatus(400)->withJson(['errors' => 'Body uri is empty or not a string']);
+            }
+            if (!Validator::notEmpty()->arrayType()->validate($data['mapping'])) {
+                return $response->withStatus(400)->withJson(['errors' => 'Body mapping is empty or not an array']);
+            }
+            foreach ($data['mapping'] as $key => $mapping) {
+                if (!Validator::notEmpty()->stringType()->validate($mapping['ssoId'])) {
+                    return $response->withStatus(400)->withJson(['errors' => "Body mapping[$key]['ssoId'] is empty or not a string"]);
+                }
+                if (!Validator::notEmpty()->stringType()->validate($mapping['maarchId'])) {
+                    return $response->withStatus(400)->withJson(['errors' => "Body mapping[$key]['maarchId'] is empty or not a string"]);
+                }
+            }
         }
 
         $data = json_encode($data);
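Review bot: The `admin_sso` branch validates `uri` and `mapping` but then passes the whole request body to `json_encode($data)`, whereas the branch just above rebuilds `$data` from known keys only, so any extra top-level or per-entry key a caller sends is persisted in the SSO configuration. Each `$mapping` is also indexed before it is checked to be an array, so a scalar entry is not clearly rejected. The sketch below narrows the payload and adds that check. `uri` is accepted as any non-empty string; if it is later used as a redirect or login target (not visible here), restricting it to an http(s) URL, and `maarchId` to the supported user fields, would be worth adding. `update` starts and ends outside this hunk.

```php
// … unchanged: uri and mapping validation …
$cleanMapping = [];
foreach ($data['mapping'] as $key => $mapping) {
    if (!Validator::arrayType()->validate($mapping)) {
        return $response->withStatus(400)->withJson(['errors' => "Body mapping[$key] is not an array"]);
    }
    // … unchanged: ssoId and maarchId checks …
    $cleanMapping[] = ['ssoId' => $mapping['ssoId'], 'maarchId' => $mapping['maarchId']];
}
$data = ['uri' => $data['uri'], 'mapping' => $cleanMapping];
```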