Sign in with your own identity provider
Connect Okta, Azure AD, Google, or any SAML or OIDC provider, and your team signs in with the credentials they already have. SCIM provisions and disables accounts automatically, so access always matches your directory.
Manual accounts drift out of your control
When people sign in with a separate username and password, your directory and your access list slowly diverge. Someone leaves and their account lingers, a new hire waits on a manual invite, and no one can prove that access matches who actually works here. That gap is exactly what a security review looks for.
Single sign-on closes it. Your team authenticates through the identity provider you already run, with the multi-factor you already enforce, and SCIM keeps the account list in lockstep with your directory: created on hire, updated on a role change, disabled the moment someone leaves.
- A password to manage outside your directory
- Orphaned accounts after someone leaves
- New hires wait on a manual invite
- MFA is optional and uneven
- No proof that access matches the org
- Sign in with the identity you already have
- SCIM disables accounts the moment they leave
- New hires provisioned automatically
- MFA enforced by your own provider
- Access always matches your directory
Your directory is the source of truth
A user signs in through your provider, and access is scoped without a password ever touching us. SCIM keeps the roster in sync.
User signs in
With their work identity, at your login
Your IdP verifies
Okta or Azure AD checks identity and MFA
Scoped session
File.Business grants access by role, no password
SCIM provisioning, always in sync
No password ever reaches File.Business. Authentication stays with your provider, and the account list follows your directory automatically, so there is nothing to reconcile by hand.
Every major provider, plus any standard
If it speaks SAML 2.0 or OIDC, it connects. The big providers are ready out of the box.
Okta
SAML and SCIM, ready to connect
Microsoft Entra ID
Azure AD sign-in and provisioning
Google Workspace
Sign in with Google identities
Auth0
SAML and OIDC connections
OneLogin
SAML sign-in and SCIM sync
Ping Identity
Enterprise SAML and provisioning
Any SAML 2.0
Connect any standards-based IdP
Any OIDC
OpenID Connect providers welcome
Connect, map, and enforce
Five steps, run with our team. Select one to see the detail.
Connect your identity provider
Add File.Business as a SAML or OIDC application in Okta, Azure AD, Google, or any standards-based provider, and exchange metadata. Our team helps with the setup so the connection is right the first time.
SAML 2.0 or OIDC, connected with your provider's standard flow.Map attributes and roles
Map your directory's groups or attributes to File.Business roles, so a person's group in your IdP becomes their role and scope here. A change in the directory becomes a change in access, with no manual step.
Directory groups map to the four roles and per-entity scope.Turn on SCIM provisioning
Enable SCIM and the account list stays in lockstep with your directory: users are auto-created on hire, updated on a role change, and disabled the moment they leave. Just-in-time provisioning also creates an account on a first successful sign-in.
Auto-create, update, and disable, plus just-in-time on first sign-in.Enforce SSO for everyone
Require sign-in through your provider so there are no local passwords to phish or leak, and let your IdP enforce the multi-factor policy you already run. One place controls how everyone gets in.
No local passwords; MFA enforced by your own provider.Prove it with the audit log
Every sign-in, provisioning event, and role change is written to a SOC 2 ready audit log. When a reviewer asks who has access and how they authenticate, the answer is a report, not a scramble across systems.
A SOC 2 ready audit log of sign-ins and provisioning events.Identity your security team can sign off on
The usual ways of managing access all leave a gap. Here is the difference.
| Capability | File.Business SSO | Email and password | Manual accounts | Build your own |
|---|---|---|---|---|
| SAML 2.0 and OIDC sign-in | Not available | Not available | Heavy build | |
| SCIM auto-provision and disable | Not available | Manual | Custom | |
| MFA enforced by your IdP | Optional | Optional | If you build it | |
| Directory groups map to roles | Not available | Not available | Custom | |
| No orphaned accounts on exit | Common | Common | If you build it | |
| SOC 2 ready audit log | Basic | Basic | Custom |
The point. Passwords and manual accounts always drift from the org chart, and closing that gap by hand never quite happens. SSO with SCIM makes your directory the single source of truth, so access is correct by construction. Compare the platform on the comparison hub.
Offboarding stopped being a checklist
We enforce MFA and manage everything from Okta, so a tool with its own passwords was a non-starter for us. With SSO and SCIM, people just sign in the way they sign in everywhere else, and when someone leaves Okta, their access here is gone the same second. Our reviewer loved it.
Representative composite based on customer outcomes. Setup depends on your provider and directory.
Team roles, security, and enterprise
Where to go to pair identity with access and prove it.
Team Permissions
The roles and per-entity scoping that SSO maps into.
See roles SecuritySecurity overview
SOC 2, the audit log, and the review packet for your team.
Read the overview LegalData Processing Agreement
The DPA and subprocessor list for your legal team.
See the DPA ScaleEnterprise
SSO, SCIM, and a dedicated team, in one contract.
See enterpriseStraight answers on protocols, provisioning, and proof
Which protocols do you support?
Which identity providers work?
Do you support SCIM provisioning?
Is just-in-time provisioning available?
Can I map directory groups to roles?
How is multi-factor handled?
Is there an audit log?
Which plan includes SSO?
Put sign-in and provisioning where they belong
Connect your identity provider with SAML or OIDC and turn on SCIM, or talk with our team about enabling SSO for your organization.