Single sign-on (SSO) for your whole company
Put your inventory behind your own identity provider. Verify your domain, connect SAML, and decide exactly who gets in — using the same login your team already has for everything else.
Start free for a limited timeVerify your domain
Prove you own your email domain with a single DNS TXT record — the same way you’d verify it with any enterprise tool.
Connect any SAML IdP
Works with Okta, Microsoft Entra ID, Google Workspace, OneLogin, JumpCloud, Duo and any SAML 2.0 provider.
Require SSO & auto-provision
Force everyone on your domain to log in through SSO, and add new teammates to the company automatically on first sign-in.
Set it up in four steps
SSO lives in your company’s settings under Single Sign-On (SSO). The flow mirrors the enterprise setup you already know:
- Add your domain — e.g.
yourcompany.com. - Verify it by adding the DNS TXT record we generate. Once it resolves, the domain is confirmed as yours.
- Connect your identity provider — import your IdP’s metadata (URL or XML) and we fill in the Entity ID, sign-on URL and certificate for you, or enter them by hand.
- Choose your policy — require SSO for everyone on the domain, and optionally auto-add people from that domain to the company.
Why it matters
- Central control. Onboard and offboard from your identity provider — revoke access there and it’s gone here.
- No password sprawl. One set of credentials, your existing MFA, and nothing extra for your team to forget or reuse.
- Right people only. Domain verification plus require-SSO means only your verified, authenticated team can reach company inventory.
SSO sits alongside the rest of how we secure your data — OAuth 2.1 for AI connections, per-company isolation and encrypted tokens. See the security page for the full picture, or read why SAML SSO is no longer optional.