Which identity providers are supported?

Any SAML 2.0 IdP — Azure AD / Entra, Okta, Google Workspace, OneLogin, and custom SAML endpoints. SCIM provisioning is supported for Entra and Okta on the enterprise tier.

Can I keep local accounts alongside SSO?

Yes, by tenant policy. Most enterprises shut local accounts off entirely. Smaller deployments often run SSO for staff and local accounts for occasional contractors.

Is just-in-time provisioning supported?

Yes. The first SAML assertion can create a user with role mappings driven by group memberships, and SCIM keeps the user lifecycle aligned thereafter.

Integration · Platform

SSO / SAML

Enterprise tenants can replace local passwords with SAML 2.0 single sign-on against their existing identity provider. SCIM provisioning lines up users and roles automatically as they join, move, or leave.

Specification

How the integration runs

Direction of data flow: Inbound (external → Sustain360)
Sync cadence: Real-time on sign-in and provisioning events.
Authentication: SAML 2.0; SCIM for provisioning.
Setup time: Half a day with IdP co-operation.
What syncs: Users
Roles
Group memberships

Stages

Stages this connector touches

SSO / SAML runs across the following stages of the eight-stage workflow.

Stage 08

Report

PDF reports, audit trails, compliance documentation for ELV (EU) and ATF (UK).

Related connectors

Other connectors in the platform category. Or jump back to the full integrations directory.

Bi-directional

REST API

Public, versioned, documented (Swagger / OpenAPI).

Read the spec

Outbound

Webhooks

Outbound event delivery for order, stock, and state-change events.

Read the spec

FAQ

SSO / SAML

How the integration runs

Stages this connector touches

Related connectors

REST API

Webhooks

Questions about SSO / SAML

See SSO / SAML in the loop,
on real yard data.

SSO / SAML

How the integration runs

Stages this connector touches

Related connectors

REST API

Webhooks

Questions about SSO / SAML

Which identity providers are supported?

Can I keep local accounts alongside SSO?

Is just-in-time provisioning supported?

See SSO / SAML in the loop,on real yard data.

See SSO / SAML in the loop,
on real yard data.