Identity & Security
One login. Zero gaps across every module.
Single sign-on, SAML 2.0, multi-factor authentication, SCIM, and IP controls built into the same platform that runs your commerce, product information management, order management, content management, and marketplace. One authentication layer for your whole operation.
Enterprise-grade security
SOC 2 aligned posture
Active single sign-on Sessions247 live
SAML 2.0OAuth 2.0OpenID ConnectMulti-factor authentication active
The problem with fragmented identity
Your team logs into five tools to run one store.
Separate logins per tool
Commerce, product information management, order management, and content management each demand a separate identity provider. One password change breaks three systems.
No unified offboarding
A departing employee keeps access in four places because deprovisioning is manual and fragmented across every tool.
Multi-factor authentication gaps across modules
Enforcing multi-factor authentication in one module does nothing for the others. Compliance auditors find gaps every time.
One single sign-on for everything
A single SAML 2.0 or OAuth 2.0 login grants scoped access to every platform module. Your identity provider stays the source of truth.
SCIM auto-deprovisioning
Remove a user in your directory and SCIM instantly revokes access across all modules. No manual cleanup, no lingering access.
Platform-wide multi-factor authentication enforcement
Configure multi-factor authentication once and enforce it everywhere. One policy covers commerce, product information management, order management, content management, and every admin panel simultaneously.
How it works
From identity provider to scoped access in under 10 minutes.
Connect your existing identity provider once. Every module inherits the session, the roles, and the enforcement policy automatically.
1Day 1 · 15 minutes
Connect your identity provider
Paste your SAML metadata URL or OAuth client credentials into the single sign-on configuration panel.
2Day 1 · 20 minutes
Map roles to module permissions
Assign your directory groups to platform roles. A buyer group gets catalog access; a finance group gets order management read-only.
3Day 1 · 5 minutes
Enable multi-factor authentication and IP controls
Toggle on multi-factor authentication for admin roles. Add IP allowlists for warehouse-only access. One policy applies platform-wide.
4Ongoing · automatic
SCIM keeps users in sync
Add or remove users in your directory. SCIM provisions or deprovisions access across all modules in real time. No manual cleanup.
Single sign-on provider configuration
ProtocolSAML
2.0 active
Metadata URLokta.com/app/metadata
OpenID ConnectOptional,
not set
ScopeAll modules
Key capabilities
Every security layer your enterprise needs, built in.
Single sign-on across every module
Support SAML 2.0, OAuth 2.0, and OpenID Connect. Your existing identity provider, Okta, Azure Active Directory, Google Workspace, connects to every platform module through a single configuration.
- Commerce, product information management, order management, content management, marketplace: one session
- Works with any SAML 2.0-compliant provider
- Just-in-time provisioning on first login
Business-to-business CommerceCovered
Product Information / CatalogCovered
Order ManagementCovered
Content Management / StorefrontCovered
Marketplace / ChannelsCovered
Enforcement by role
Admin rolesTOTP + SMS required
Editor rolesTOTP required
Viewer rolesOptional
Last policy sync: 2 minutes ago · 312 users covered
Platform-wide multi-factor authentication enforcement
Set one multi-factor authentication policy and it applies to every module. TOTP, SMS, hardware keys: your choice per role. No per-app configuration. No compliance gaps hiding in modules you forgot.
- Role-level multi-factor authentication differentiation
- Covers all modules from one policy panel
- Audit-ready enforcement logs per user
Encryption and security audits
Data encrypted at rest and in transit with TLS 1.2 or higher. Regular penetration testing and security audits validate your posture against real threats, not just checkbox compliance.
- TLS 1.2+ for all data in transit
- Scheduled penetration testing program
- Findings documented and tracked to resolution
SCIM provisioning
Automate user lifecycle across all modules from your directory.
IP allowlisting
Restrict access to approved IP ranges. Warehouse-only, office-only, or global.
Geo-restriction controls
Limit logins to specific countries or regions for compliance-sensitive operations.
Client proof
Permissions rebuilt. Data integrity restored.
Real client
project
Client
KYB Conmat Pvt. Ltd.
ManufacturingContext
Hydraulic and electronic product manufacturer operating in a high-volume, transaction-heavy environment requiring robust access controls.
Problem
Outdated permissions management generated junk data, created compliance risk, and limited remote operational flexibility across locations.
Result
0
retail outlets managed post-upgrade, with enhanced permissions preventing data integrity failures and compliance gaps.
0
users provisioned via SCIM in one sync
0
to offboard a departing team member
0
module coverage from one single sign-on configuration
Why Redefine is different
Other platforms split governance across five products. We built it into one.
Many platforms bury security settings across separate products or require additional identity middleware to connect modules. Redefine ships single sign-on, multi-factor authentication, SCIM, audit logs, and permissions from a single governance layer that covers your entire platform.
| Capability | Redefine |
|---|---|
| Single sign-on coverage | All modules, one config
|
| Multi-factor authentication enforcement | Platform-wide
policy engine
|
| SCIM provisioning | Native, covers all
modules
|
| Audit logging | Unified log across
every module
|
| Compliance posture | Exportable audit and
access reports
|
Best-fit scenarios
The teams that get the most from unified identity.
Multi-brand enterprises
Running five storefronts under one holding company. Single sign-on with scoped module access means each brand team only sees their own catalog, orders, and content.
Program store operators
Company stores and redemption programs where participants need single sign-on from the corporate directory. One login, controlled catalog, automatic deprovisioning when they leave the company.
SOC 2 audit preparation
When your auditor asks for access control evidence, you export it. Audit logs, multi-factor authentication enforcement records, and role-change history are all in one exportable report.
Business-to-business buyer portals
Business-to-business buyers log in through your portal with their company identity provider. Their catalog, pricing, and order history is scoped to their account without manual setup.
High-turnover warehouse teams
Seasonal staff cycles in and out. SCIM provisioning from your human resources system means warehouse access is granted on day one and revoked automatically on their last day.
Global distributed teams
Teams across multiple countries where geo-restriction and IP allowlisting matter for data residency compliance and limiting attack surface by region.
Related integrations
Your identity provider connects here. No middleware required.
Connect Okta, Azure Active Directory, Google Workspace, Auth0, or any SAML 2.0-compliant provider directly. One integration covers every platform module simultaneously.
Azure Active Directory
SAML 2.0 + SCIM. Native connector, no custom code.
Native
Google Workspace
OAuth 2.0 + OpenID Connect. Works with Google single sign-on out of the box.
Native
Auth0 / Okta
Full SAML 2.0 and OAuth 2.0 support. SCIM provisioning included.
Native
Any SAML 2.0 provider
OneLogin, Ping Identity, Duo Security: all supported via standard SAML.
Universal
Provider
Azure Active Directory
Last sync
4 minutes ago
Users synced
312 / 312
Status
Healthy
Is this right for you?
This fits well. This does not.
Good Fit
- You already use an identity provider and want to extend it to your commerce platform.
- Your team spans multiple roles and modules and separate logins are causing access management pain.
- You run a program store or company store where participant identity is managed by human resources or IT.
- You have a compliance requirement (SOC 2, GDPR, HIPAA adjacent) that demands documented access controls.
Not The Right Fit
- You are a solo operator with one admin and no compliance requirements: native login is sufficient.
- You do not have or plan to adopt a central identity provider: single sign-on requires one to connect to.
- You need a dedicated identity-as-a-service product: we handle platform identity, not enterprise identity and access management replacement.
Not sure? Tell us your situation and we will be straight with you.
Questions
What buyers ask before they review security.
Does single sign-on cover every
module, including product
information management, order management, and content
management, or just the storefront?
Every module, commerce, product information management, order
management, content management, marketplace, program store,
and forms, is covered by the same single sign-on
configuration. Your team members authenticate once and access
all permitted modules within that session. There is no
separate single sign-on setup per module.
Which identity providers are supported
out of the box?
Any SAML 2.0-compliant identity provider works natively,
including Azure Active Directory, Google Workspace, Auth0,
OneLogin, and Ping Identity. OAuth 2.0 and OpenID Connect are
also supported. If your provider issues a SAML metadata URL,
setup takes under 15 minutes.
Can we enforce multi-factor
authentication for admin accounts
but leave it optional for read-only users?
Yes. Multi-factor authentication enforcement is configured per
role, not per module. You can require TOTP or SMS for Admin
and Editor roles while keeping multi-factor authentication
optional for Viewer-only accounts. The policy applies across
all modules automatically, no per-app enforcement steps.
How does SCIM deprovisioning work when
a team member
leaves?
When a user is deactivated in your directory, the SCIM
connection propagates that change to the platform in real
time. All active sessions are terminated and access is revoked
across every module within seconds. No manual cleanup is
required on the platform side.
How long does the initial single
sign-on configuration
take?
For a standard SAML 2.0 connection to a supported provider,
configuration takes under 30 minutes. Role mapping and
multi-factor authentication policy setup adds another 20 to 30
minutes. Full SCIM provisioning setup including group mapping
can take a few hours depending on directory complexity. We
handle the configuration for you during onboarding.
Get started
Review your security posture with us.
Tell us how your team manages access today. We will show you exactly what unified identity looks like on your platform.
Form
Call within 48 hours · proposal in 3 days · Sprint 1 within 1 week of sign-off
Brief received.
We will review your security situation and send a scoped proposal within 3 business days.
48 hour response
Proposal in 3 days
120+ projects
You own the code
What happens next
1
Call within 48 hours
We review your brief before the call so your time is not wasted explaining context we already have.
2
Scoped proposal in 3 days
Line-by-line scope. No padded estimates. No commitment required to receive the proposal.
3
Sprint 1 within 1 week of sign-off
Single sign-on and multi-factor authentication configuration ships in Sprint 1. You see results before the invoice is due.
No commitment. No pitch.
Your brief is reviewed by our security and platform team, not routed to a sales queue. You get a specific, scoped answer, not a demo playbook.
One login away
Your identity provider is already the source of truth. Let your commerce platform use it.
Connect single sign-on in under 30 minutes. Add multi-factor authentication and SCIM in the same session. No middleware. No custom code. No lingering access gaps when your team changes.
Coverage
100%
modules covered by one single sign-on config