ORIGIN9 Feature
Team Management & SSO
Your internal team — roles, invitations, SSO, SCIM, session security — no separate vendor.
Every Origin9 tenant gets native team management — no external identity vendor required. Invite users with Viewer, Developer, or Admin roles. Verify email domains and auto-route matching users to your SSO provider (Google Workspace, Microsoft 365, Okta, OneLogin, or any SAML 2.0 / OIDC provider) with JIT provisioning. SCIM handles automated create/suspend/delete and group-to-role mapping from Okta or Azure AD. Session security is tight by default — configurable lifetime, idle timeout, concurrent session limits, device fingerprinting, and remote termination. Password policy (complexity, expiry, history) and org-wide MFA enforcement round it out.
Three Organization Roles
Viewer (read-only), Developer (edit + deploy to non-prod), Admin (full control of infrastructure and production).
SSO with Six+ Providers
Google Workspace, Microsoft 365, Okta, OneLogin, any SAML 2.0, any OIDC provider — with just-in-time provisioning.
SCIM Provisioning
Automatic user creation, suspension, group sync, and role mapping from Okta or Azure AD — user lifecycle without spreadsheets.
Domain-Based Routing
Verify email domains and auto-route matching users to your SSO provider. Multiple verified domains per organization.
Session Security
Configurable lifetime, idle timeout, concurrent session limits, device fingerprinting, and remote termination of active sessions.
Password Policy & MFA
Min length, complexity, expiry, and reuse history. Enforce MFA (TOTP or WebAuthn) for the entire organization.
What This Replaces
Related Features
Ready to try Team Management & SSO?
From idea to production in days. Not months.