SSO and Identity

SSO is not fully active in the current route surface. Influgen exposes an SSO placeholder in organization responses so enterprise teams can see the planned direction, but there is not yet a dedicated end-to-end SAML or OIDC configuration API to turn on today.

Current state

Organization payloads currently advertise:

status: planned
supported protocols: saml, oidc
integration points:
- metadata_import
- domain_verification
- idp_initiated_login
- scim_provisioning_hook

That is a roadmap and contract signal, not a complete production control plane.

What enterprise teams can do now

While waiting for full SSO rollout, prepare these inputs:

verified company domains
IdP metadata ownership
group-to-role mapping rules
user lifecycle policy
fallback local admin accounts

Recommended preparation checklist

Decide whether SAML or OIDC is the better fit for your IdP.
Define which groups should map to owner, admin, editor, and viewer.
Reserve at least one local break-glass owner account.
Verify domains you expect to use for white-label or enterprise identity.

What to document internally

who owns the IdP setup
who approves role mapping changes
how deprovisioning should work
whether SCIM-like provisioning is required on day one

This page will evolve when the full SSO setup flow lands. For now, treat it as a readiness guide, not a completed feature manual.

Current state​

What enterprise teams can do now​

Recommended preparation checklist​

What to document internally​

Current state

What enterprise teams can do now

Recommended preparation checklist

What to document internally