Feature: SSO Integration

Enterprise auth.

Overview

The Nova SSO integration supports enterprise identity providers as first-class. SAML 2.0 and OIDC are the standards; without both, enterprise procurement stalls at the security review stage.

• Enterprise auth. SAML 2.0 and OIDC support; the standards every enterprise IdP speaks; covers Okta, Azure AD, Google Workspace.
• SCIM provisioning. Automated user lifecycle; create, update, deprovision flow from the IdP without manual sync.
• Just-in-time provisioning. First-login user creation; new employees get access on day one without admin intervention.
• Group sync plus per-domain auto-routing. SSO groups drive Nova roles; email domain selects the IdP for seamless login.

The approach

The practical approach: SAML and OIDC both supported, SCIM for lifecycle automation, group sync for RBAC, per-domain routing for UX. The team’s discipline produces enterprise-ready auth that survives security review.

• SAML 2.0 and OIDC. Both standards supported; the customer picks the protocol their IdP prefers.
• SCIM provisioning. Automated user lifecycle; deprovisioning happens at the IdP, not in Nova’s admin UI.
• Group sync. SSO groups drive Nova roles; access control follows the existing IdP groups, not a parallel system.
• Per-domain routing. Email domain selects IdP; users do not pick "Login with X" from a list; the system knows.
• Document the integration. Per-IdP setup guide; supports customer adoption without manual hand-holding.

Why this compounds

SSO discipline compounds across customers. Each integrated IdP supports enterprise adoption; the team’s identity expertise accrues; new integrations get cheaper as the patterns mature.

• Better enterprise adoption. SSO matches procurement requirements; the security review passes on the first try.
• Better security posture. Centralised auth reduces account sprawl; the IdP is the source of truth for identity.
• Better lifecycle management. SCIM automates user lifecycle; offboarded employees lose access automatically.
• Institutional knowledge. Each integration teaches identity patterns; the team’s identity engineering muscle grows.

SSO discipline is a product investment that pays off across years. Nova AI Ops invests in enterprise readiness as a first-class surface.