Single Sign-On (SSO)

:::info Coming Soon
This feature is under active development. The design below reflects our planned implementation.
:::

Single Sign-On enables enterprise customers to use their existing corporate identity provider to authenticate into your application. Aero2 will act as a SAML 2.0 Service Provider (SP), integrating with enterprise identity providers.

Supported Protocols

SAML 2.0

Aero2 will function as a SAML 2.0 Service Provider, supporting:

  • SP-initiated SSO — Users start the sign-in flow from your application
  • IdP-initiated SSO — Users start from their corporate identity portal
  • Single Logout (SLO) — Sign-out propagated between your application and the IdP
  • SP metadata endpoint — Auto-generated XML metadata for easy IdP configuration
  • Attribute mapping — Map IdP attributes (e.g., displayName, department) to Aero2 user profile fields

Supported Enterprise IdPs

Any SAML 2.0-compliant identity provider will work. Common examples include:

  • Okta
  • Microsoft Azure AD (Entra ID)
  • OneLogin
  • PingFederate
  • Google Workspace

SCIM 2.0 Provisioning

Aero2 will also support SCIM 2.0 (System for Cross-domain Identity Management) for automatic user and group synchronization:

  • User provisioning — Automatically create and update user accounts when they are added or changed in the IdP
  • User deprovisioning — Automatically disable accounts when users are removed from the IdP
  • Group sync — Synchronize IdP groups to Aero2 organizations and roles
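A SCIM 2.0 client can disable an account by sending a PatchOp (RFC 7644, section 3.5.2) that sets `active` to false. The sketch below is an added example, not Aero2 code or its API, showing how a receiver can interpret both the path form and the path-less object form and revoke sessions on deactivation. The in-memory user store, the function names, the two sample requests, and the choice to treat a removed `active` attribute as disabled are all assumptions made for illustration.

```python
# Added example, not Aero2 code: interpret a SCIM 2.0 PatchOp and decide
# whether it deactivates the user. All names here are hypothetical.
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed sample requests (not captured from any IdP).
PATCH_OBJECT_FORM = {"schemas": [PATCH_SCHEMA],
                     "Operations": [{"op": "replace", "value": {"active": False}}]}
PATCH_PATH_FORM = {"schemas": [PATCH_SCHEMA],
                   "Operations": [{"op": "Replace", "path": "active", "value": "False"}]}


def _to_bool(value):
    """Accept JSON booleans and the strings "true"/"false" in any case."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        return value.strip().lower() == "true"
    raise ValueError(f"unsupported value for 'active': {value!r}")


def active_after_patch(patch, currently_active):
    """Return the user's 'active' flag after applying the PatchOp body."""
    if PATCH_SCHEMA not in patch.get("schemas", []):
        raise ValueError("not a SCIM PatchOp message")
    active = currently_active
    for op in patch.get("Operations", []):
        kind = str(op.get("op", "")).lower()  # tolerate "Replace" vs "replace"
        path, value = op.get("path"), op.get("value")
        on_active = isinstance(path, str) and path.lower() == "active"
        if kind not in ("add", "replace", "remove"):
            raise ValueError(f"unknown op: {op.get('op')!r}")
        if kind == "remove":
            if on_active:
                active = False  # assumption: fail closed when the flag is removed
        elif path is None and isinstance(value, dict):
            # Path-less form: value is an object of attributes to set.
            for name, v in value.items():
                if name.lower() == "active":
                    active = _to_bool(v)
        elif on_active:
            active = _to_bool(value)
    return active


def apply_deprovisioning(users, user_id, patch):
    """Update the in-memory store; revoke sessions when a user is disabled."""
    user = users[user_id]
    new_active = active_after_patch(patch, user["active"])
    if user["active"] and not new_active:
        user["sessions"].clear()  # a disabled account must not keep live sessions
    user["active"] = new_active
    return user
```

Rejecting unknown operations and unparseable `active` values, rather than ignoring them, keeps a malformed deprovisioning request from silently leaving an account enabled.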

Use Cases

SSO is particularly useful for B2B applications where your enterprise customers:

  • Require centralized access control through their corporate IdP
  • Need to enforce their own security policies (password complexity, MFA)
  • Want automatic provisioning and deprovisioning of user accounts
  • Need audit trails that integrate with their existing security tools