Skip to main content

Single Sign-On (SSO)

Enterprise
note

Enterprise SSO (SAML 2.0 / OIDC) is a roadmap capability delivered as a custom engagement, not a self-serve GA feature today. There is no self-serve "Configure SSO" screen, ACS URL, or Entity ID flow in the product yet. Today, users authenticate with email/password or Google/Microsoft social sign-in. If enterprise federation is a requirement for your deployment, contact your account manager so we can scope what is available for your environment.

Single Sign-On is designed to enable secure, centralized authentication for your Containment.AI organization.

Overview

SSO is designed to provide:

  • Centralized authentication through your IdP
  • Enforce corporate password policies
  • Automatic session management
  • Simplified user experience

Supported Protocols

SSO is designed around the standard enterprise federation protocols:

SAML 2.0

Standard enterprise federation protocol used by providers such as Okta, Azure AD / Entra ID, OneLogin, Ping Identity, Google Workspace, JumpCloud, and other SAML 2.0 IdPs.

OIDC (OpenID Connect)

Modern authentication protocol used by providers such as Okta, Auth0, Azure AD, Google, and Keycloak.

The exact set of supported providers and enforcement options is confirmed per engagement.

Getting Started

Enterprise SSO requires a custom implementation with your identity team. Contact your Containment.AI account manager or sales team to begin:

  1. Requirements gathering - Discuss your IdP, protocol (SAML/OIDC), and enforcement needs
  2. Architecture review - Confirm attribute and group mappings
  3. Implementation - Configure and connect the federation
  4. Testing - Verify sign-in and attribute mapping with a pilot group
  5. Production - Enforce and go live