SSO/SAML

What is SSO (and SAML)?

  • SSO: One secure login to access all your tools.

  • SAML: An industry-standard protocol that lets your Identity Provider (IdP) (e.g., Okta, Microsoft Entra ID/Azure AD, Google Workspace, OneLogin, Ping) authenticate users for Kernel without new passwords.

Why it matters

  • Stronger security: Enforce MFA, conditional access, and identity policies centrally via your IdP.

  • Fewer passwords: Reduce password fatigue and the risk of credential reuse/phishing.

  • Faster access: Users sign in once and get in—no account creation or password resets.

  • Better compliance: Centralized identity controls help meet SOC 2, ISO 27001, and GDPR requirements.

Key benefits

Security & Compliance

  • MFA everywhere: Use your existing MFA, risk-based sign-in, and device posture checks.

  • Least-privilege by default: Access is gated by your IdP group/role assignments.

  • Audit-ready: Authentication logs live in your IdP. Easier evidence collection for audits.

  • Rapid offboarding: Disable access in one place; it propagates instantly.

  • Data minimization: Authentication delegated to your IdP via SAML; Kernel doesn’t store user passwords.

  • Standards-based: SAML 2.0 compatibility with leading IdPs.

Admin & IT Efficiency

  • Zero new password lifecycle: No password resets or account provisioning tickets.

  • Centralized control: Manage access by groups and roles in your IdP.

  • Consistent policy enforcement: Apply conditional access and geo/IP rules once.

  • Scale-ready: Add or remove users as your org changes—no app-by-app bookkeeping.

Employee Experience

  • One-click access: Users already logged into their IdP get straight into Kernel.

  • No new credentials: Less friction, less confusion, less downtime.

  • Familiar flow: Works with the same login experience your team already uses.

FAQ

Will this work with our IdP?

  • Yes - Kernel can support Okta, Microsoft Entra ID (Azure AD), Google Workspace, OneLogin, Ping, and other SAML 2.0 providers.

Does Kernel support password authentication?

  • No, currently we only support login with an OTP code sent via email and SSO. SAML can be turned on should you require it.

What does Kernel use for SSO/SAML?

  • We have built this with WorkOS - a leader in the field.
