Close deals, not tickets.

Enterprise SSO that ships in an afternoon. SAML is built in, not bolted on.

Free up to 2,000 MAU

Security questionnaire

SAML 2.0 supportBuilt-in

IdP-initiated flowBuilt-in

SP-initiated flowBuilt-in

Tenant isolationBuilt-in

Per-tenant IdP configBuilt-in

Assertion validationBuilt-in

Controlled rolloutBuilt-in

Audit loggingBuilt-in

Every line item your buyer asks about. Already handled.

Three steps. That's it.

Configure, test, ship. Each step is one SDK call.

Step 01Configure

Point your tenant at their identity provider. One call.

await authaz.sso.saml.configureTenant({
  tenantId: "org_123",
  mode: "idp_and_sp_initiated",
  entityId: "https://acme.authaz.io/saml",
  acsUrl: "https://app.acme.com/saml/callback",
});

Step 02Test

Validate both flows before going live. Built-in dry run.

const result = await authaz.sso.saml.testConnection({
  tenantId: "org_123",
  flow: "sp_initiated",
  dryRun: true,
});
// result.status → "ok"

Step 03Ship

Enable for the tenant. Roll back in one line if needed.

await authaz.sso.saml.enableTenant({
  tenantId: "org_123",
  rolloutStrategy: "immediate",
});

What's included

Both SAML flows

IdP-initiated and SP-initiated from the same configuration. No parallel auth stacks.

Tenant-scoped config

Each customer org gets its own metadata, callbacks, and assertion rules. Zero cross-tenant risk.

Rollout controls

Enable per-tenant, dry-run before go-live, and roll back instantly. Ship SSO without the sweating.

Stop losing deals to SSO gaps.

Enterprise SSO is included in every plan.

Free up to 2,000 MAU.