How it works
When SSO federation is enabled, the workspace defers authentication to sso.1nflow.ai over OIDC. The bridge maps the IdP's email claim to a local User, ensures a Membership row exists in the workspace, and mints a 1nCall JWT for the session.
Enabling SSO
- Upgrade the workspace to Pro.
- Set SSO_FEDERATION_ENABLED=true on the API.
- Set SSO_ISSUER, SSO_CLIENT_ID, SSO_REDIRECT_URI.
- Workspace admins → Members → "Use SSO for this workspace" toggle.
Endpoints
GET /sso/login?workspaceId=<id> → { authorizeUrl }
GET /sso/callback?code=&state= → mints session, redirects to /dashboard
Bring your own IdP
sso.1nflow.ai is one acceptable issuer; any standards-compliant OIDC provider (Okta, Azure AD, Google Workspace, Auth0, Keycloak) works. Point SSO_ISSUER at the root URL under which the provider serves .well-known/openid-configuration.
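The callback endpoint above receives only code and state, so the workspace chosen at /sso/login has to travel inside state and be verified on return. The following is an added example, not 1nCall's own code: AUTHORIZATION_ENDPOINT, STATE_KEY, STATE_TTL and the function names are hypothetical, and all values are constructed placeholders.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode

# Constructed placeholder values; a real deployment reads these from configuration.
AUTHORIZATION_ENDPOINT = "https://idp.example/authorize"  # from the IdP's discovery document
SSO_CLIENT_ID = "example-client-id"
SSO_REDIRECT_URI = "https://app.example/sso/callback"
STATE_KEY = secrets.token_bytes(32)  # hypothetical server-side secret; persist and share across instances
STATE_TTL = 600                      # assumed lifetime of a login attempt, in seconds

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_state(workspace_id, now=None):
    """Pack workspaceId, a random nonce and an expiry into an HMAC-signed state value."""
    now = time.time() if now is None else now
    payload = json.dumps({"ws": workspace_id, "n": secrets.token_urlsafe(16),
                          "exp": int(now) + STATE_TTL}).encode()
    tag = hmac.new(STATE_KEY, payload, hashlib.sha256).digest()
    return b64e(payload) + "." + b64e(tag)

def build_authorize_url(workspace_id):
    """What GET /sso/login could return as authorizeUrl."""
    query = {"response_type": "code", "client_id": SSO_CLIENT_ID,
             "redirect_uri": SSO_REDIRECT_URI, "scope": "openid email",
             "state": make_state(workspace_id)}
    return AUTHORIZATION_ENDPOINT + "?" + urlencode(query)

def verify_state(state, now=None):
    """Return the workspaceId bound to this login attempt, or raise ValueError."""
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = state.split(".")
        payload, tag = b64d(payload_b64), b64d(tag_b64)
    except Exception:
        raise ValueError("malformed state") from None
    expected = hmac.new(STATE_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("state signature mismatch")
    claims = json.loads(payload)
    if claims["exp"] < now:
        raise ValueError("state expired")
    return claims["ws"]
```

A signed state proves the server issued it, not that it came back from the same browser; also storing the nonce in a session cookie at /sso/login and comparing it at /sso/callback binds the two.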