Security

Enterprise access, centrally governed.

If an employee leaves your organization, they shouldn't retain access to your operational data. Secure your platform boundary by instantly provisioning and de-provisioning users via your existing Identity Provider (IdP).

Get Started FreeView Pricing

Zero-friction security for high-turnover industries.

In franchise and multi-unit hospitality, store manager turnover can exceed 50% annually. Manually adding and dropping email addresses in an application dashboard is a critical security vulnerability. OpsScaleIQ's robust SSO integration shifts the burden of access control securely back to your central IT directory.

Enterprise Implementation Path

  1. 1Discovery — Our architecture team meets with your IT/SecOps department to exchange XML metadata files and ACS URLs.
  2. 2Attribute Mapping — We map standard claims (Name, Email, Job Title, Store ID) from your IdP directly into the OpsScaleIQ user model.
  3. 3Domain Lockdown — Once verified, OpsScaleIQ implements a strict domain constraint. Any login attempt from `@yourcompany.com` forces a redirect through your Identity Provider, preventing rogue local account creation.
  4. 4Go Live — Employees simply click "Sign in with SSO" and are instantly authenticated into their correct store location without memorizing new passwords.

SSO & Identity capabilities

SAML 2.0 & OIDC Support

Fully compatible with all major protocols required by enterprise IT departments, ensuring a frictionless security review process.

Major IdP Integrations

Natively supports Okta, Microsoft Entra ID (Azure AD), Google Workspace, OneLogin, and Ping Identity right out of the box.

Just-in-Time (JIT) Provisioning

Automatically create user accounts in OpsScaleIQ the first time an employee logs in via SSO, eliminating manual seat assignments.

IdP Group Mapping

Map Okta or Azure AD groups directly to OpsScaleIQ Role-Based Access Control (RBAC) tiers (e.g., Okta "Store Managers" group auto-assigns the "Store Manager" policy).

Enforced Multi-Factor Authentication

Piggyback off the advanced MFA protocols (YubiKey, Authenticator Apps, Biometrics) already established by your corporate IT team.

One-Click Offboarding

When HR terminates an employee in your central directory, their access to the OpsScaleIQ dashboard and mobile app is revoked instantly worldwide.

Available on these plans

Lite

Not available

Essential

Not available

Growth

Not available

Enterprise

Required feature

Compare all plans →