Features +

Worktime

Time, leave and planning

People & HR

Profiles, documents and lifecycle

Performance

Feedback, goals and growth

Platform

Integrations, security and reporting

Solutions +
Pricing
Learn more +
Start free Sign in
← Back to integrations
AVAILABLE IDENTITY & SSO

Single Sign-On

Sign in with Google Workspace or Microsoft Entra ID — no SAML, no IT queue

One admin panel, two enterprise providers. Enable Google Workspace, Microsoft Entra ID, or both on your tenant, set your corporate domain, and your team signs in to Orquiva with their corporate account from day one. No SAML, no IT queue.

Connect from your panel → Book a demo

WHAT IT DOES

Single Sign-On in Orquiva

01

Google Workspace + Microsoft Entra ID, today

Both major OIDC providers supported from the same panel. Enable one, the other, or both in parallel — your team picks how to sign in.

02

Email-domain auto-provisioning

Configure "company.com" per provider and any new account from that domain signs in and self-provisions on first login. No IT tickets.

03

Force-SSO with lockout guard

Hide password login when you're ready — per provider. Only activates if at least one admin has linked that provider, so you can't lock yourself out.

04

Multiple identities per user

Each user can have Google and Microsoft linked to the same record. Useful in migrations or mixed teams.

05

Per-tenant config from the admin panel

Each tenant decides which providers to enable, which domains to accept and whether to force SSO. Zero global config — each customer owns their own.

WHAT IT DOESN'T DO (YET)

What we admit without dressing up. Need something missing? Tell us and it joins the roadmap.

  • Corporate accounts only — Google Workspace or Microsoft Entra ID. Personal @gmail.com and @outlook.com are excluded by design.

  • No SCIM provisioning yet. SSO authenticates, it doesn't sync joiners/leavers. SCIM ships in the next iteration.

  • Okta and other SAML providers are on the roadmap — the pattern is ready, they just need their tab in the panel.

SETUP

Three steps, five minutes.

  1. 1

    Open the SSO panel

    Settings → Security → Single Sign-On. Requires admin:page:sso permission.

  2. 2

    Enable the provider you've got

    Google and Microsoft share the same form: enable + corporate domain. Activate both in parallel if your team is mixed.

  3. 3

    Link your own account before Force-SSO

    As admin, do one test SSO login. Only then can you safely flip Force-SSO without risking lockout.

PRIVACY & DATA

Required permissions

  • — openid email profile — minimal OIDC scope, no Calendar/Gmail/Drive/OneDrive/Mail access

Orquiva only receives email, name and the provider's unique identifier. No access to Calendar, Drive, Gmail (Google) or OneDrive, Mail (Microsoft) with this scope. For those, configure the corresponding integration separately.

FREQUENTLY ASKED QUESTIONS

If I already have Google Workspace connected, do I need to do anything else? +

Yes, they're independent flows. Workspace = data (Calendar, Gmail, Sheets). SSO = authentication. Enable them separately under Settings.

Can I have Google and Microsoft enabled at the same time? +

Yes — designed for mixed teams. Each user signs in with whichever provider their corporate account lives on.

What happens if an employee leaves the company? +

When you deactivate them in Workspace or Entra ID, they can't SSO any more. Remember to deactivate them in Orquiva to revoke any live session.

Start using Single Sign-On with Orquiva today.

Setting up the integration takes less than five minutes.

Connect from your panel → Browse other integrations