MCP server access. Governed by your identity provider.
SAML 2.0 and OpenID Connect. Enforce SSO org-wide. Disable local passwords entirely. One directory. One source of truth. Hardened into the Vinkius.
Bring your own IdP.
Okta, Azure AD, Google Workspace, Auth0, Keycloak - connect whatever your organization already uses. No separate credentials.
SAML Single Sign-On
Enterprise-grade SAML 2.0 integration. Connect Okta, Azure AD, OneLogin, or any SAML-compliant identity provider. Assertion validation, attribute mapping, and relay state - all handled.
OIDC Authorization
Standards-based OpenID Connect flow. Google Workspace, Auth0, Keycloak, or any OIDC provider. Token validation, claims mapping, and automatic refresh built-in.
Default Authentication
Email and password with bcrypt hashing. Google and GitHub OAuth out of the box. Secure by default for teams not yet on SSO.
Passwords off. IdP only.
Map your corporate domain, flip the switch, and every member authenticates through your identity provider. No exceptions. No fallback. No bypass.
Domain Mapping
Verify your corporate domain. Every email matching that domain is automatically routed through your IdP - no manual enrollment required.
Strict Enforcement
One toggle disables all local passwords for your organization. Members must authenticate through SSO. No fallback, no bypass, no exceptions.
Encrypted Credentials
All SSO configurations - certificates, secrets, endpoints - are encrypted at rest with AES-256. Never stored in plaintext. Never logged.
Permission-Gated Access
SSO integrates directly with Vinkius RBAC. IdP group claims map to organization roles. Access granted only to what the identity provider authorizes.
AI agents never stop.
MCP Servers need Vinkius.
Autonomous agents don't sleep. Every tool call hits a hardened isolation perimeter - cryptographic lockfiles, zero-trust RBAC, and hard execution quotas enforced at the payload level. No wrappers. Titanium-grade governance for autonomous compute.