Novaza SSO#
Novaza SSO is the identity and access management layer that powers authentication and authorization across the entire Novaza platform. It provides a single, centralized directory of users, a flexible role-based permission system, and support for industry-standard SSO protocols so that your team — and your customers — can authenticate once and access every product seamlessly.
Every Novaza workspace includes SSO at no additional cost. Enterprise plans gain access to advanced features such as SAML 2.0 federation and workspace-wide multi-factor authentication enforcement.
Key Features#
- User Management — create, update, deactivate, and delete user accounts with profile and metadata
- Role-Based Access Control (RBAC) — define roles with granular permissions and assign them to users or groups
- Single Sign-On — configure OIDC or SAML 2.0 for external identity providers (Google Workspace, Microsoft Entra ID, etc.)
- Social Login — allow users to log in with Google or Microsoft accounts
- Multi-Factor Authentication — enforce TOTP-based MFA per role or organization-wide
- Bulk Provisioning — import users in bulk via CSV or invite via shared signup links
- Audit Log — comprehensive record of all authentication events and administrative changes
- Session Management — view and revoke active user sessions
Architecture#
Novaza SSO acts as the central identity provider for all Novaza products. When a user logs in, they authenticate once against SSO, which issues a signed JWT session token. All downstream products (Office, Desk, Pulse, Live, Personeo) validate this token without prompting for credentials again.
When you integrate an external identity provider (e.g., Google Workspace), SSO acts as the service provider in the OIDC/SAML flow and translates the external identity into a Novaza user account and role assignment.