Skip to main content
Single Sign-On lets your employees access Miteos through your existing corporate identity provider — no separate Miteos passwords to create, rotate, or remember. When SSO is enabled, your IT team controls access centrally: onboard a new employee in your IdP and they get Miteos access automatically; offboard them and access is revoked immediately.

Supported Identity Providers

Miteos SSO supports every major enterprise identity provider out of the box.

Okta

Connect via SAML 2.0 or OIDC. Works with Okta’s Universal Directory and Okta Verify MFA.

Azure Active Directory

Full support for Azure AD (Entra ID) including Conditional Access policies and Azure MFA.

Google Workspace

Use your Google Workspace identity for SSO. Compatible with Google’s 2-Step Verification.

OneLogin

SAML 2.0 and OIDC connection with support for OneLogin’s SmartFactor Authentication.

PingFederate

Enterprise-grade SAML federation for large organizations running PingIdentity infrastructure.

Any SAML 2.0 Provider

Works with any identity provider that supports the SAML 2.0 standard.
Miteos also supports any OIDC-compliant identity provider. If you do not see your IdP listed, contact sales@miteos.com and we will confirm compatibility.

Setting Up SSO

Test SSO with a non-admin account before enabling enforcement. If enforcement is turned on before verifying the connection works, you risk locking yourself — and your entire team — out of Miteos. Always keep a recovery admin account outside the SSO flow until testing is complete.
1

Open the SSO settings page

In your Miteos dashboard, go to Settings → Security → Single Sign-On.
2

Start the configuration wizard

Click Configure SSO. You will be guided through a step-by-step setup flow.
3

Select your identity provider

Choose your IdP from the list. If yours is not listed, select SAML 2.0 or OIDC to configure it manually.
4

Register Miteos in your IdP

Copy the Miteos ACS URL (Assertion Consumer Service URL) and Entity ID displayed in the wizard, then paste them into the corresponding fields in your identity provider’s application settings.
5

Paste your IdP metadata into Miteos

After saving the application in your IdP, copy its Metadata URL (or download the metadata XML / certificate) and paste it back into the Miteos SSO wizard.
6

Test the connection

Use the Test Connection button and sign in as a non-admin team member. Confirm that authentication succeeds and the user lands in Miteos with the correct role.
7

Enable SSO (and optionally enforce it)

Once the test passes, click Enable SSO. To require all users to authenticate via your IdP — and disable password-based logins — toggle on Enforce SSO for all members.

SSO Enforcement

When you enable SSO enforcement, the following changes take effect immediately:
  • Password logins are disabled for all team members. The standard email/password login form will reject sign-in attempts for your domain.
  • All users must authenticate through your IdP. Members who are already logged in will be signed out on their next session.
  • New users are auto-provisioned on their first successful SSO login (see Just-in-Time Provisioning below).
You can disable enforcement at any time from the SSO settings page, which immediately re-enables password-based logins as a fallback.

Just-in-Time Provisioning

When a user from your organization signs in via SSO for the first time, Miteos automatically creates a new account for them — no manual invitation required. Their account is created with the default role you configure in the SSO settings (typically Member).
Set the JIT default role to Viewer if you want new users to have read-only access until an Admin explicitly upgrades their role. This is a safe default for large organizations where not every employee needs to run agent tasks.
After auto-provisioning, the new user appears in your team member list and an Admin or Owner can adjust their role at any time.

SCIM Provisioning

SCIM (System for Cross-domain Identity Management) takes SSO a step further by automating the full user lifecycle — not just authentication, but provisioning and deprovisioning as well. With SCIM enabled:
  • Add a user to the Miteos group in your IdP → their Miteos account is created automatically.
  • Remove a user from the group → their Miteos account is deactivated immediately, with no action needed in Miteos.
  • Update a user’s attributes (such as name or department) in your IdP → the changes sync to Miteos.
This is especially valuable for large enterprises where HR systems drive provisioning workflows. SCIM is available on the Enterprise plan. Contact sales@miteos.com to enable SCIM for your organization.
SSO is available on the Business and Enterprise plans. To enable SSO for your team, contact sales@miteos.com.