# Configure an External User Info Endpoint

1. Click the <i class="fa-gear">:gear:</i> **App Settings** icon in the navigation menu.
2. If you are modifying an existing IAM, click the name of the IAM. If you are creating a new IAM, click **Add IAM**.
3. Check the **External Groups and Authorizations Endpoint** checkbox.
4. In the **External User Info URI** field, enter the full path to your custom HTTP endpoint.
5. Optionally, check the **Use Authentication** checkbox and provide the username and password with which Immuta should authenticate when querying the user info endpoint. Immuta will subsequently send requests to the service with a **Basic** authorization header.
6. Enable SSL by checking the **Enable SSL** checkbox.
7. If SSL is enabled and your service requires SSL certificate validation, opt to check the **Require SSL Request Cert**. This step will require that you upload three files:
   * The SSL key file (`*.pem`)
   * The SSL cert file (`*.pem`)
   * The SSL CA file (`*.pem`)
8. **Save** your configuration.