Security and Access Management

Enterprise SAML Single Sign-On (SSO)

Connect your identity provider to Ours Privacy with SAML-based single sign-on. Works with Microsoft Entra ID (Azure AD), Okta, Google Workspace, and any SAML 2.0 IdP.

Ours Privacy supports enterprise single sign-on (SSO) over SAML 2.0, and works with Microsoft Entra ID (Azure AD), Okta, Google Workspace, and any other SAML 2.0 identity provider.

Use this page to connect your identity provider (IdP) so your team signs in through SAML SSO.


Supported identity providers

Ours Privacy connects to your IdP over the standard SAML protocol, including:

  • Microsoft Entra ID (formerly Azure Active Directory)
  • Okta (Workforce)
  • Google Workspace
  • OneLogin, Ping Identity, JumpCloud, and any other IdP that supports SAML 2.0

If your IdP supports SAML 2.0, it works with Ours Privacy, even if it is not named above.

Only need Google or Microsoft sign-on? EASIE is an optional OpenID Connect (OIDC) shortcut for Google Workspace and Microsoft Entra ID that skips SAML setup. It's purely a convenience: full SSO, including Okta, custom attribute and role mapping, and IdP-initiated login, runs over SAML.

Deprovisioning

When a user leaves your IdP, Ours Privacy can remove their access and prevents a deprovisioned user from linking other authentication methods to their account.

  • EASIE: before issuing a new session token, Ours Privacy checks whether the user has been deprovisioned from their OpenID provider (for example, suspended or deleted in Google Workspace, or deleted in Microsoft Entra). This check may take up to about 10 minutes to reflect a change.
  • SAML: an admin can revoke access at any time, and automated deprovisioning (including SCIM) may be available depending on your IdP and plan. Ask your account manager.

Configuration guide

  1. Contact sales or your account manager. Ask your sales representative to enable SAML SSO on your account. Ours Privacy provisions the SAML connection for you.
  2. Receive your SAML connection details. Once the connection is set up, Ours Privacy provides your Single Sign-On (SSO) URL, Audience URI, and Metadata URL.
  3. Customize attribute mappings (optional). Map attributes such as email, first_name, last_name, and role to ensure correct user provisioning.
  4. Test and enable. Verify IdP authentication, test login across user roles, then enable SAML SSO for all users.

Frequently asked questions

Do you support both IdP-initiated and SP-initiated SAML?

Yes, for SAML. Ours Privacy supports both IdP-initiated login (from your IdP dashboard) and SP-initiated login (from Ours Privacy).

How do we handle user property and role mapping?

You configure this with Ours Privacy during step 3, after the connection details are set up.

What happens when an employee leaves our organization?

An admin can revoke access at any time, and automated deprovisioning may be available for your connection. See Deprovisioning for how this works with EASIE and SAML.

Do you support multiple IdPs for a single organization?

Yes. Work with your account manager to configure additional IdPs for your organization.


Next Steps

How is this guide?

On this page