SAML SSO Setup
Enterprise plans can enforce Single Sign-On via SAML 2.0. Once configured, all team members must authenticate via your identity provider (Okta, Azure AD, Google Workspace, etc.) — no password logins are permitted.
Okta
- 1Create a new SAML 2.0 app in Okta
- 2Set the ACS URL: https://clerk.opsscaleiq.com/sso-callback
- 3Set Entity ID: https://opsscaleiq.com
- 4Map email, firstName, lastName attributes
- 5Copy the IdP SSO URL and certificate
- 6Paste into OpsScaleIQ Settings → Security → SAML SSO
Azure Active Directory
- 1Go to Azure AD → Enterprise Applications → New Application
- 2Choose "Non-gallery application"
- 3Configure Single Sign-On → SAML
- 4Set Reply URL (ACS): https://clerk.opsscaleiq.com/sso-callback
- 5Set Identifier (Entity ID): https://opsscaleiq.com
- 6Download Federation Metadata XML and upload in OpsScaleIQ Settings
For other SAML 2.0-compatible IdPs (Google Workspace, Ping Identity, OneLogin), the configuration follows the same pattern. Contact [email protected] for provider-specific help.
CCPA Staff Recognition Controls
Under the California Consumer Privacy Act (CCPA), reviews that name or reference individual employees may trigger data subject rights. OpsScaleIQ provides a CCPA flag that can be applied to any review, which:
- Prevents Auto-Pilot from publishing a response to that review
- Tags the review with a visible CCPA badge in the reviews feed
- Excludes the review from aggregate analytics exports by default
- Logs the flag event in the compliance audit trail
- Notifies the org Owner by email when a CCPA flag is applied
To flag a review: open it in the Reviews feed, expand the review card, and click the shield icon. CCPA flags can only be removed by users with Owner or Manager role.
GDPR Data Export & Deletion
OpsScaleIQ supports GDPR data portability and right-to-erasure requests. All data export and deletion operations are available to org Owners:
Data Export
Download a full JSON export of all reviews, responses, triage data, and analytics for your organization. Go to Settings → Security → Export Organization Data.
Reviewer Name Anonymization
For GDPR requests to remove a reviewer's name: open the review, click "Anonymize Reviewer Name". This replaces the name with "Anonymous User" across all views.
Data Deletion
To delete specific reviews from OpsScaleIQ (note: this does not remove them from Google): contact support with the review IDs. Bulk deletion is available via API for Enterprise.
DPA (Data Processing Agreement)
Enterprise customers can request a signed DPA. Contact [email protected] with your organization details.
Brand Portal (Franchisor View)
Enterprise customers with a franchise or multi-brand structure can use the Brand Portal — a read-only aggregated view across all franchisee locations. The Brand Portal enables corporate teams to:
- View all location OpsScores™ in a unified dashboard
- Filter by region, brand, or custom location tags
- Identify underperforming franchisees by OpsScore™ percentile
- Export cross-location compliance reports as PDF
- Set minimum response rate targets and receive alerts when locations miss them
- View aggregate issue category trends across the entire portfolio
Brand Portal access is provisioned by your OpsScaleIQ account manager. Contact [email protected] to request setup.
Audit Logging
Enterprise plans include a full audit log of security and data events, accessible in Settings → Security → Audit Log:
| Event | Who |
|---|---|
| Member invited / removed | Owner |
| Role changed | Owner |
| CCPA flag applied / removed | Manager / Owner |
| API key generated / revoked | Owner |
| Data export initiated | Owner |
| SSO config changed | Owner |
| Billing plan changed | Owner |