Enterprise SSO

Close enterprise deals.
Not engineering tickets.

SAML 2.0, OIDC, LDAP/AD -- configured from your dashboard in minutes. Domain routing auto-detects the right IdP. JIT provisioning creates users on first login.

Available on Starter and above. See pricing

Configure SSO from the dashboard

No code. Upload metadata or paste a discovery URL. Done in 10 minutes.

console.authfi.app/sso/connections

SSO Connections

+ Add connection
Acme Okta
acme.com
SAML Active
Stark Azure AD
stark.com
OIDC Active
Legacy Corp AD
legacy.corp
LDAP Active

Domain routing -- automatic IdP detection

User types their email. AuthFI reads the domain. Redirects to the right identity provider.

alice@acme.com Okta SAML
bob@stark.com Azure AD OIDC
carol@legacy.corp On-prem LDAP
dave@gmail.com Google social

Three protocols. Every IdP covered.

SAML 2.0

Enterprise standard. Upload IdP metadata XML. AuthFI handles assertion parsing, signature validation, attribute mapping.

OktaAzure ADGoogle WorkspacePingIdentity

OIDC

Modern OpenID Connect. Provide a discovery URL and client credentials. Authorization code flow with PKCE.

Entra IDOktaAuth0Keycloak

LDAP / AD

On-prem directory. Bind to LDAP, search users, validate credentials. LDAPS for encryption.

Active DirectoryOpenLDAPFreeIPA

Just-in-time provisioning

First SSO login auto-creates the user. Maps IdP attributes to AuthFI profile. Assigns groups and roles automatically.

Attribute mapping

FROM IdPTO AUTHFIEXAMPLE
NameID / subemailalice@acme.com
displayNamenameAlice Chen
memberOfgroups["engineering"]
departmentmetadata{"dept": "Eng"}

Ready to get started?

Free for 5,000 monthly active users. No credit card required.

Start free Read the docs