Identity & Security

One login. Zero gaps with single sign on software across every module.

Single sign on software, SAML 2.0, multi-factor authentication, SCIM, and IP controls are built into the same platform that runs your commerce, product information management, order management, content management, and marketplace. One authentication software layer secures your whole operation.

Enterprise-grade security SOC 2 aligned posture
Security administrator configuring single sign-on and multi-factor authentication settings on a modern enterprise security dashboard
redefine.app / security / sso
Active single sign-on Sessions247 live
SAML 2.0OAuth 2.0OpenID ConnectMulti-factor authentication active
SAML 2.0
enterprise single sign-on
SOC 2
aligned security posture
Every module
one auth layer
The problem with fragmented identity

Your team logs into five tools to run one store.

Separate logins per tool

Commerce, product information management, order management, and content management each demand a separate identity provider. One password change breaks three systems.

No unified offboarding

A departing employee keeps access in four places because deprovisioning is manual and fragmented across every tool.

Multi-factor authentication gaps across modules

Enforcing multi-factor authentication in one module does nothing for the others. Compliance auditors find gaps every time.

One single sign-on for everything

A single SAML 2.0 or OAuth 2.0 login grants scoped access to every platform module. Your identity provider stays the source of truth.

SCIM auto-deprovisioning

Remove a user in your directory and SCIM instantly revokes access across all modules. No manual cleanup, no lingering access.

Platform-wide multi-factor authentication enforcement

Configure multi-factor authentication once and enforce it everywhere. One policy covers commerce, product information management, order management, content management, and every admin panel simultaneously.

IT security team reviewing access logs and permissions dashboard in an enterprise operations center
How it works

From identity provider to scoped access in under 10 minutes.

Connect your existing identity provider once. This identity management software lets every module inherit the session, the roles, and the enforcement policy automatically.

1Day 1 · 15 minutes

Connect your identity provider

Paste your SAML metadata URL or OAuth client credentials into the single sign-on configuration panel.

2Day 1 · 20 minutes

Map roles to module permissions

Assign your directory groups to platform roles. A buyer group gets catalog access; a finance group gets order management read-only.

3Day 1 · 5 minutes

Enable multi-factor authentication and IP controls

Toggle on multi-factor authentication for admin roles. Add IP allowlists for warehouse-only access. One policy applies platform-wide.

4Ongoing · automatic

SCIM keeps users in sync

Add or remove users in your directory. SCIM provisions or deprovisions access across all modules in real time. No manual cleanup.

Settings › Identity & Single Sign-On

Single sign-on provider configuration

ProtocolSAML 2.0 active
Metadata URLokta.com/app/metadata
OpenID ConnectOptional, not set
ScopeAll modules
Key capabilities

Every IAM software layer your enterprise needs, built in.

Single sign-on across every module

This IAM software supports SAML 2.0, OAuth 2.0, and OpenID Connect. Your existing identity provider, Okta, Azure Active Directory, Google Workspace, connects to every platform module through a single configuration.

  • Commerce, product information management, order management, content management, marketplace: one session
  • Works with any SAML 2.0-compliant provider
  • Just-in-time provisioning on first login
Single sign-on Module Coverage
Business-to-business CommerceCovered
Product Information / CatalogCovered
Order ManagementCovered
Content Management / StorefrontCovered
Marketplace / ChannelsCovered
Multi-factor Authentication Policy Engine

Enforcement by role

Admin rolesTOTP + SMS required
Editor rolesTOTP required
Viewer rolesOptional

Last policy sync: 2 minutes ago · 312 users covered

Platform-wide multi factor authentication software enforcement

Set one multi factor authentication software policy and it applies to every module. TOTP, SMS, hardware keys: your choice per role. No per-app configuration. No compliance gaps hiding in modules you forgot.

  • Role-level multi-factor authentication differentiation
  • Covers all modules from one policy panel
  • Audit-ready enforcement logs per user

Authentication software encryption and security audits

Data encrypted at rest and in transit with TLS 1.2 or higher. Regular penetration testing and security audits validate your posture against real threats, not just checkbox compliance.

  • TLS 1.2+ for all data in transit
  • Scheduled penetration testing program
  • Findings documented and tracked to resolution
Security engineer reviewing penetration test results and encryption audit report

SCIM provisioning

Automate user lifecycle across all modules from your directory.

IP allowlisting

Restrict access to approved IP ranges. Warehouse-only, office-only, or global.

Geo-restriction controls

Limit logins to specific countries or regions for compliance-sensitive operations.

Client proof

Permissions rebuilt. Data integrity restored.

Manufacturing operations team reviewing enterprise resource planning and access management data in a modern facility
Real client project

Client

KYB Conmat Pvt. Ltd.

Manufacturing

Context

Hydraulic and electronic product manufacturer operating in a high-volume, transaction-heavy environment requiring robust access controls.

Problem

Outdated permissions management generated junk data, created compliance risk, and limited remote operational flexibility across locations.

Result

0

retail outlets managed post-upgrade, with enhanced permissions preventing data integrity failures and compliance gaps.

0

users provisioned via SCIM in one sync

0

to offboard a departing team member

0

module coverage from one single sign-on configuration

Why Redefine is different

Other platforms split governance across five products. We built it into one.

Many platforms bury security settings across separate products or require additional identity middleware to connect modules. Redefine ships single sign on software, multi-factor authentication, SCIM, audit logs, and permissions from a single governance layer that covers your entire platform.

Capability Redefine
Single sign-on coverage
All modules, one config
Multi-factor authentication enforcement
Platform-wide policy engine
SCIM provisioning
Native, covers all modules
Audit logging
Unified log across every module
Compliance posture
Exportable audit and access reports
Best-fit scenarios

The teams that get the most from unified identity management software.

Multi-brand enterprises

Running five storefronts under one holding company. Authentication software with scoped module access means each brand team only sees their own catalog, orders, and content.

Program store operators

Company stores and redemption programs where participants need single sign-on from the corporate directory. One login, controlled catalog, automatic deprovisioning when they leave the company.

SOC 2 audit preparation

When your auditor asks for access control evidence, you export it. Audit logs, multi factor authentication software records, and role-change history are all in one exportable report.

Business-to-business buyer portals

Business-to-business buyers log in through your portal with their company identity provider. Their catalog, pricing, and order history is scoped to their account without manual setup.

High-turnover warehouse teams

Seasonal staff cycles in and out. SCIM provisioning from your human resources system means warehouse access is granted on day one and revoked automatically on their last day.

Global distributed teams

Teams across multiple countries where geo-restriction and IP allowlisting matter for data residency compliance and limiting attack surface by region.

Diverse enterprise team reviewing role-based access permissions in a modern open office
Related integrations

Your identity provider connects here. No middleware required.

Connect Okta, Azure Active Directory, Google Workspace, Auth0, or any SAML 2.0-compliant provider directly to this IAM software. One integration covers every platform module simultaneously.

Azure Active Directory

SAML 2.0 + SCIM. Native connector, no custom code.

Native

Google Workspace

OAuth 2.0 + OpenID Connect. Works with Google single sign-on out of the box.

Native

Auth0 / Okta

Full SAML 2.0 and OAuth 2.0 support. SCIM provisioning included.

Native

Any SAML 2.0 provider

OneLogin, Ping Identity, Duo Security: all supported via standard SAML.

Universal
Integrations › Identity & Single Sign-On › Status

Provider

Azure Active Directory

Last sync

4 minutes ago

Users synced

312 / 312

Status

Healthy

Is this right for you?

This fits well. This does not.

Good Fit
  • You already use an identity provider and want to extend it to your commerce platform.
  • Your team spans multiple roles and modules and separate logins are causing access management pain.
  • You run a program store or company store where participant identity is managed by human resources or IT.
  • You have a compliance requirement (SOC 2, GDPR, HIPAA adjacent) that demands documented access controls.
Not The Right Fit
  • You are a solo operator with one admin and no compliance requirements: native login is sufficient.
  • You do not have or plan to adopt a central identity provider: single sign-on requires one to connect to.
  • You need a dedicated identity-as-a-service product: we handle platform identity, not enterprise identity and access management replacement.

Not sure? Tell us your situation and we will be straight with you.

IT compliance manager reviewing an access audit report and security documentation checklist
Questions

What buyers ask before they review security.

Does single sign-on cover every module, including product information management, order management, and content management, or just the storefront?
Every module, commerce, product information management, order management, content management, marketplace, program store, and forms, is covered by the same single sign-on configuration. Your team members authenticate once and access all permitted modules within that session. There is no separate single sign-on setup per module.
Which identity providers are supported out of the box?
Any SAML 2.0-compliant identity provider works natively, including Azure Active Directory, Google Workspace, Auth0, OneLogin, and Ping Identity. OAuth 2.0 and OpenID Connect are also supported. If your provider issues a SAML metadata URL, setup takes under 15 minutes.
Can we enforce multi-factor authentication for admin accounts but leave it optional for read-only users?
Yes. Multi-factor authentication enforcement is configured per role, not per module. You can require TOTP or SMS for Admin and Editor roles while keeping multi-factor authentication optional for Viewer-only accounts. The policy applies across all modules automatically, no per-app enforcement steps.
How does SCIM deprovisioning work when a team member leaves?
When a user is deactivated in your directory, the SCIM connection propagates that change to the platform in real time. All active sessions are terminated and access is revoked across every module within seconds. No manual cleanup is required on the platform side.
How long does the initial single sign-on configuration take?
For a standard SAML 2.0 connection to a supported provider, configuration takes under 30 minutes. Role mapping and multi-factor authentication policy setup adds another 20 to 30 minutes. Full SCIM provisioning setup including group mapping can take a few hours depending on directory complexity. We handle the configuration for you during onboarding.
Get started

Review your security posture with us.

Tell us how your team manages access today. We will show you exactly what unified identity management software looks like on your platform.

Form

Call within 48 hours · proposal in 3 days · Sprint 1 within 1 week of sign-off

48 hour response
Proposal in 3 days
120+ projects
You own the code

What happens next

1

Call within 48 hours

We review your brief before the call so your time is not wasted explaining context we already have.

2

Scoped proposal in 3 days

Line-by-line scope. No padded estimates. No commitment required to receive the proposal.

3

Sprint 1 within 1 week of sign-off

Single sign-on and multi-factor authentication configuration ships in Sprint 1. You see results before the invoice is due.

IT director reviewing the security configuration dashboard with a team member

No commitment. No pitch.

Your brief is reviewed by our security and platform team, not routed to a sales queue. You get a specific, scoped answer, not a demo playbook.

One login away

Your identity provider is already the source of truth. Let your commerce platform use it.

Connect single sign on software in under 30 minutes. Add multi-factor authentication and SCIM in the same session. No middleware. No custom code. No lingering access gaps when your team changes.

No commitment. No pitch. Submit brief → call within 48 hours → proposal in 3 days.

Your team spends 2 to 3 hours total on the security configuration review. We handle single sign on software setup, role mapping, multi-factor authentication enforcement, and SCIM connection entirely on our side.

Enterprise security team reviewing a unified access dashboard showing single sign-on and multi-factor authentication coverage across all commerce modules

Coverage

100%

modules covered by one single sign-on config

Get on a call with us to see how we can help you

Get a Quote