Identity Provider Integration

OnePAM plugs into your existing IdP — Okta, Azure AD, Google Workspace, or any SAML/OIDC provider. Unified access policies and JIT provisioning.

Plug Into Your Existing IdP

Native SSO with Okta, Azure AD, Google Workspace
Full SAML 2.0 Service Provider implementation
OpenID Connect support
JIT user provisioning from SAML assertions
MFA enforcement on every connection
Configurable attribute mapping to users, teams, and roles
Role-based access policies synced from your IdP
Group-based access controls
Automatic user provisioning and deprovisioning
Identity-aware audit logs

SSO Authentication

1. Connect your Identity Provider

SAML 2.0, OpenID Connect, or LDAP — plug in and go. Providers shown: Okta (OIDC / SAML), Azure AD (OIDC / SAML), Google Workspace, Custom SAML / OIDC.

2. User authenticates via SSO

Redirected to your IdP — passwords never touch OnePAM. OnePAM validates the SAML assertion; the token is cryptographically signed.

3. MFA enforced on every connection

Hardware key, TOTP, or push notification — configurable per policy. Options shown: Hardware Key (FIDO2 / WebAuthn), Push Notify (Okta Verify / Duo), TOTP Code (Authenticator app).

4. Roles & groups synced from your IdP

RBAC policies map IdP groups to OnePAM access levels automatically. Example IdP groups shown: SRE-Team, DevOps. Example access levels shown: SSH + DB Admin, Web Apps Read.

5. Session established — fully audited

Every connection tied to an identity, recorded, and time-limited.

Three Steps to Secure Access

1. Sign Up With SSO

Connect your identity provider — Okta, Azure AD, Google Workspace, or any SAML/OIDC provider. Your team logs in with existing credentials.

2. Add Your Resources

Register servers, databases, Kubernetes clusters, and web apps. Define who can access what with role-based policies.

3. Access Securely

Your team accesses resources through the browser — identity-verified, session-recorded, and audit-logged. No VPN, no exposed ports.

Try Identity Provider Integration — Free for 14 Days

From signup to your first secure session in under 5 minutes. No infrastructure changes, no credit card, no sales call.