
SSO & Identity Integration

SAML 2.0, OIDC, and SCIM integration with every major identity provider. Setup in under 30 minutes with our guided configuration wizard.

Supported Protocols

Enterprise identity protocols

SAML 2.0

Industry-standard Security Assertion Markup Language for enterprise SSO. Supports SP-initiated and IdP-initiated login flows with signed assertions and encrypted name IDs.

  • SP-initiated and IdP-initiated SSO
  • Signed assertions (RSA-SHA256)
  • Encrypted NameID support
  • Single Logout (SLO)
  • Metadata exchange (URL and XML)
  • Multiple certificate rotation

OpenID Connect

Modern OAuth 2.0 based identity protocol. Supports Authorization Code flow with PKCE for maximum security. Compatible with any OIDC-compliant identity provider.

  • Authorization Code + PKCE flow
  • ID Token validation (RS256)
  • UserInfo endpoint integration
  • Custom scope mapping
  • Token refresh and revocation
  • Dynamic client registration

SCIM 2.0

System for Cross-domain Identity Management for automated user lifecycle management. Automatically provision, update, and deprovision users as changes occur in your identity provider.

  • User create, update, delete
  • Group membership sync
  • Schema extension support
  • Bulk operations
  • Change detection via ETags
  • Filter and pagination support

Setup Guides

Identity provider setup walkthrough

Okta

SAML 2.0 / OIDC | Setup: < 15 minutes | SCIM Supported

  1. Navigate to Okta Admin Console
  2. Create new SAML 2.0 application
  3. Configure SSO URL and Entity ID from IFO4 settings
  4. Map user attributes (email, firstName, lastName, role)
  5. Assign users and groups
  6. Enable SCIM provisioning (optional)

Azure Active Directory

SAML 2.0 / OIDC | Setup: < 20 minutes | SCIM Supported

  1. Open Azure Portal > Enterprise Applications
  2. Add new application from gallery or custom
  3. Configure SAML settings with IFO4 metadata URL
  4. Set up attribute mapping for user claims
  5. Configure conditional access policies
  6. Enable automated provisioning via SCIM

Google Workspace

SAML 2.0 | Setup: < 15 minutes

  1. Open Google Admin Console > Apps > SAML Apps
  2. Add custom SAML application
  3. Download IFO4 metadata and upload to Google
  4. Configure attribute mapping
  5. Turn on for organizational units
  6. Test SSO login flow

OneLogin

SAML 2.0 / OIDC | Setup: < 15 minutes | SCIM Supported

  1. Navigate to OneLogin Administration
  2. Add application using IFO4 connector
  3. Configure SAML connection parameters
  4. Map user attributes and roles
  5. Set up provisioning rules
  6. Assign users via OneLogin policies

PingIdentity

SAML 2.0 / OIDC | Setup: < 20 minutes | SCIM Supported

  1. Create application in PingOne console
  2. Select SAML or OIDC protocol
  3. Import IFO4 service provider metadata
  4. Configure attribute contracts
  5. Set authentication policies
  6. Enable user provisioning

Access Control

Role-based access control (RBAC)

Organization Admin

Full platform access including user management, SSO configuration, billing, and all data

Scope: Organization-wide

FinOps Lead

Full access to cost data, recommendations, governance policies, and reporting across all accounts

Scope: All accounts

Team Lead

Cost data access for assigned teams/accounts. Create budgets, dashboards, and reports within scope

Scope: Assigned teams

Analyst

Read access to cost data and recommendations. Create personal dashboards and export data

Scope: Assigned accounts

Viewer

Read-only access to shared dashboards and reports. No data export or configuration access

Scope: Shared content only

API Service Account

Programmatic access with configurable scopes. Rate limits per service account with audit logging

Scope: Configurable

Security Features

Enterprise identity security

Multi-Factor Authentication

Enforce MFA for all users with support for TOTP authenticator apps, SMS, and hardware security keys (FIDO2/WebAuthn). Configurable per-role MFA requirements.

IP Allowlisting

Restrict platform access to approved IP ranges and CIDR blocks. Support for VPN and corporate network ranges with automatic violation alerting.

Session Management

Configurable session timeouts from 15 minutes to 24 hours. Concurrent session limits, forced logout, and active session monitoring.

Conditional Access Policies

Define access policies based on user location, device type, risk level, and time of day. Integrate with Azure AD Conditional Access and Okta policies.

Audit Logging

Complete audit trail of all authentication events, permission changes, and data access. Export to SIEM platforms via Splunk, Datadog, or syslog.

Password Policy

Configurable password complexity, rotation, and history requirements for local accounts. Integration with corporate password policies via SSO.

Need help with SSO setup?

Our implementation team will configure SSO for you as part of enterprise onboarding.
