Single Sign-On setup

SAML 2.0 with any compliant identity provider. Tested and documented: Okta, Azure AD (Entra ID), Google Workspace, JumpCloud, OneLogin. Generic OIDC (OpenID Connect) also supported.

1. In your IdP, create a new SAML application. 2. Set the ACS URL to https://api.maniai.com/auth/saml/callback. 3. Set the Entity ID to https://maniai.com. 4. Map user attributes: email (required), firstName, lastName, role (optional). 5. Download the IdP metadata XML. 6. In mani Enterprise settings, upload the metadata XML. 7. Test with a single user before enabling for all.

SCIM 2.0 endpoint for automatic user provisioning. When a user is added in your IdP, they are auto-created in mani. When removed, access is revoked within minutes. Supported: create, update, deactivate. Group-to-role mapping configurable.

Just-In-Time provisioning creates user accounts on first SSO login. No pre-provisioning needed. Default role assigned by admin. Can be combined with SCIM for full lifecycle management.

Map IdP groups to mani roles: Admin, Manager, Creator, Viewer. Users inherit role from their IdP group membership. Changes in IdP propagate on next login.

All authentication events (login, logout, failed attempts, role changes) logged with timestamps and IP addresses. Export to your SIEM via webhook or API. 90-day retention in mani, unlimited in your SIEM.