Overview
ZeroPath supports enterprise identity management through SAML SSO, OIDC SSO, SCIM-based user provisioning, and HRIS directory sync. These features let your IT team enforce centralized authentication, automate user lifecycle management, and keep ZeroPath in sync with your identity provider. All enterprise identity features are powered by a self-service admin portal — your IT admin configures the connection directly, with step-by-step guidance for each identity provider.
Supported Identity Providers
ZeroPath works with any SAML 2.0 or OIDC-compliant identity provider, including:

| Provider | SSO | Directory Sync (SCIM) |
|---|---|---|
| Okta | SAML, OIDC | SCIM 2.0 |
| Microsoft Entra ID (Azure AD) | SAML, OIDC | SCIM 2.0 |
| Google Workspace | SAML, OIDC | Directory API |
| OneLogin | SAML, OIDC | SCIM 2.0 |
| JumpCloud | SAML | SCIM 2.0 |
| PingIdentity | SAML, OIDC | SCIM 2.0 |
| Other SAML/OIDC providers | SAML, OIDC | Varies |
Single Sign-On (SSO)
With SSO enabled, your team members authenticate through your identity provider instead of managing separate ZeroPath credentials. ZeroPath supports both SAML 2.0 and OpenID Connect (OIDC) protocols.
What SSO provides
- Centralized authentication — users log in with their existing corporate credentials
- Automatic session management — sessions follow your IdP’s policies
- Domain-based routing — users with your email domain are automatically directed to your SSO provider at login
How setup works
Your IT admin configures the SSO connection through ZeroPath’s self-service admin portal. The portal provides step-by-step instructions specific to your identity provider — no ZeroPath engineering support is needed.
SSO is available on Enterprise plans. Contact support@zeropath.com or your account team to enable it for your organization.
Directory Sync & User Provisioning (SCIM)
Directory Sync keeps your ZeroPath organization’s user list in sync with your identity provider. When you add or remove someone in Okta, Entra ID, or another directory, the change is reflected in ZeroPath automatically.
What Directory Sync provides
- Automatic user provisioning — new users added to your IdP are created in ZeroPath without manual invitation
- Automatic deprovisioning — users removed from your IdP are removed from ZeroPath, closing access immediately
- Group and role sync — IdP group memberships map to ZeroPath organization roles (Admin/Member)
- Real-time updates — changes propagate via SCIM webhooks, not batch sync
How it works
- Your IT admin opens the Directory Sync section of the admin portal
- The portal walks them through creating a SCIM application in your identity provider
- They enter the SCIM endpoint URL and bearer token provided by the portal
- User and group changes flow automatically from that point forward
Setting Up (Existing Customers)
If you already have a ZeroPath account with admin permissions:
Open the Admin Portal
Scroll to Admin Portal and click “Open Admin Portal”. Choose SSO Settings or Directory Sync depending on what you’re configuring.
The Admin Portal is only visible to organization admins. If you don’t see it, ask an admin in your organization or contact support@zeropath.com.
Setting Up (New Customers)
If you’re evaluating ZeroPath or haven’t created an organization yet, contact us and we’ll help you get started:
- Email: support@zeropath.com
- Start a trial: zeropath.com/demo
FAQ
Can I enforce SSO for all users in my organization?
Yes. Once SSO is configured, you can require all users in your organization to authenticate through your identity provider. Users with your verified email domain will be automatically routed to SSO at login.
What happens when a user is removed from our identity provider?
When a user is deprovisioned in your IdP, ZeroPath receives a SCIM event and removes them from your organization. Their sessions are invalidated and they lose access immediately.
Can we use SSO without Directory Sync, or vice versa?
Yes. SSO and Directory Sync are independent features. You can use SSO for centralized login without SCIM provisioning, or use SCIM provisioning with standard login methods. Most organizations enable both.
Do you support HRIS providers like Workday, BambooHR, or Rippling?
ZeroPath supports directory sync with HRIS providers that expose a SCIM-compatible API or integrate with your identity provider. In practice, most HRIS-to-ZeroPath sync is handled by connecting your HRIS to your IdP (e.g., Okta or Entra ID), which then syncs to ZeroPath via SCIM.
How long does setup take?
Most IT admins complete SSO or Directory Sync setup in under 15 minutes using the self-service admin portal. No ZeroPath engineering involvement is required.