One login for your whole team.
No separate passwords needed.
Sign in with Google, Okta, or your company directory. Every team member gets instant access to the right MCP servers without creating a new account.
Bring your own IdP.
Okta, Azure AD, Google Workspace, Auth0, Keycloak — connect whatever your organization already uses. No separate credentials.
SAML Single Sign-On
Enterprise-grade SAML 2.0 integration. Connect Okta, Azure AD, OneLogin, or any SAML-compliant identity provider. Assertion validation, attribute mapping, and relay state — all handled.
OIDC Authorization
Standards-based OpenID Connect flow. Google Workspace, Auth0, Keycloak, or any OIDC provider. Token validation, claims mapping, and automatic refresh built-in.
Default Authentication
Email and password with bcrypt hashing. Google and GitHub OAuth out of the box. Secure by default for teams not yet on SSO.
Passwords off. IdP only.
Map your corporate domain, flip the switch, and every member authenticates through your identity provider. No exceptions. No fallback. No bypass.
Domain Mapping
Verify your corporate domain. Every email matching that domain is automatically routed through your IdP — no manual enrollment required.
Strict Enforcement
One toggle disables all local passwords for your organization. Members must authenticate through SSO. No fallback, no bypass, no exceptions.
Encrypted Credentials
All SSO configurations — certificates, secrets, endpoints — are encrypted at rest with AES-256. Never stored in plaintext. Never logged.
Permission-Gated Access
SSO integrates directly with Vinkius RBAC. IdP group claims map to organization roles. Access granted only to what the identity provider authorizes.
One identity provider.
Zero shared passwords.
Enforce enterprise SSO across every MCP server. SAML 2.0 and OpenID Connect integrated into the Vinkius edge. Domain mapping, strict enforcement, and encrypted credential storage — production-ready in under five minutes.