InfracodebaseInfracodebase

Single Sign-On (SSO)

Enterprise SSO lets your organization control access to Infracodebase through your existing identity provider. When SSO is enabled, team members sign in with their corporate credentials instead of creating separate accounts.

Availability

SSO is available on negotiated enterprise plans. Contact your account team to enable SSO for your organization.

Supported protocols

Infracodebase supports enterprise SSO through the following protocols.

  • SAML 2.0. Works with identity providers like Okta, Azure AD (Entra ID), OneLogin, and any SAML 2.0 compliant provider.
  • OpenID Connect (OIDC). Works with providers that support the OIDC standard.

How it works

Once SSO is configured for your enterprise, team members authenticate through your identity provider instead of using email/password or social login. The flow is straightforward.

  1. A user navigates to Infracodebase and clicks "Sign in."
  2. They enter their corporate email address.
  3. They are redirected to your identity provider (Okta, Azure AD, etc.) to authenticate.
  4. After successful authentication, they are redirected back to Infracodebase with access to your enterprise.

Users are automatically mapped to your enterprise based on their verified email domain. New users who authenticate via SSO for the first time are provisioned automatically.

What SSO controls

When SSO is enabled for your enterprise:

  • Authentication is centralized. All sign-ins go through your identity provider. You control password policies, MFA requirements, and session management from one place.
  • Access is tied to employment. When you deactivate a user in your identity provider, they lose access to Infracodebase immediately. No separate offboarding step needed.
  • Domain verification. Only users with email addresses from your verified domain(s) can access your enterprise.

Setting up SSO

SSO configuration is handled by the Infracodebase team during enterprise onboarding. You will need to provide:

  1. Your identity provider type (Okta, Azure AD, etc.)
  2. SAML metadata URL or OIDC discovery endpoint
  3. The email domain(s) to associate with your enterprise

Your account team will walk you through the setup and verify the connection is working before enabling it for your organization.

Combining SSO with roles

SSO controls who can sign in. Roles control what they can do once signed in. Enterprise administrators can assign roles to manage permissions across the organization, including who can create workspaces, manage rulesets, configure integrations, and view billing.

See Roles and People & Teams for details on permission management.

Enterprise Configuration
People & Teams
Workspaces
Overview