Single sign-on (SSO) gives users the ability to sign in to Avion through an identity provider (IdP) of your choice. Provided SSO is enabled and configured correctly for your organisation, your team will be able to access your Avion organisation with their corporate credentials.
Avion uses OpenID Connect (OAuth 2.0), a leading industry standard, for exchanging the authentication and authorisation data that Avion supports as a service provider (SP). No actual passwords are transferred to or from Avion during the authorisation.
✅ Scalable user management
Avion can create a new account in your organisation every time a new user from your directory logs into Avion via SSO — no extra invitations required. Employees who are removed from your corporate directory will lose access to your Avion organisation automatically, but all their associated data will remain intact.
✅ Unified profile data
Since your user identities are managed from one central location, this means that account profile names in Avion will match the names in your directory.
Your IT administrators will have more control over authentication. Avion users will not be able to change their name or email address on their own. Additionally, any security policies you have adopted internally (password rotation, multi-factor authentication, etc) will automatically apply to your Avion organisation.
Once an employee logs in to your corporate network, they can start using Avion without having to enter another set of login credentials. SSO is also a driver for seamless Avion adoption within your company. Your identity provider may also be able to monitor login activity and use the collected metrics to track Avion adoption.
If you're ready to setup single sign-on with your Avion organisation, we highly recommend you read the below guide which will walk you through the setup process and help you understand how SSO works once it has been enabled.