Single Sign On

Single Sign On (SSO) mitigates compliance and security risks for organizations by giving businesses control over user authentication and user revocation via corporate mandated tools.

If you'd like to utilize SSO for your company to access Kevel, Kevel will provide documentation with steps necessary to integrate your Identity Provider (IdP) with Kevel. They are best suited for System Administrators or staff knowledgeable about SSO administration.

Once configured, Kevel acts as a Service Provider (SP) and allows users to login either via IdP initiated flows or Service Provider initiated flows.

Kevel can support the following SSO features:

  • SSO login through OpenID Connect (OIDC) or SAML IdPs. (If you use Okta, ask about our documentation with steps specific to setting up Kevel in Okta!)
  • User authentication via IdP configuration (automatic / just-in-time provisioning)
  • Automatic user access to the default Kevel network(s) specified for your organization. Learn more about Organizations & Networks.

Kevel SSO integration does not support the following capabilities:

  • User authorization via SAML. User permissions may be managed via the Kevel user interface only. Learn more about User Permission Levels.
  • Automatic deprovisioning / single logout. Users who have been deprovisioned in your IdP will be automatically logged out of Kevel when their session expires, and will not be able to log back in. Sessions expire after the earlier of 6 hours of inactivity or 12 hours since last login. User access may be immediately revoked by deactivating the user in the Kevel UI.

Kevel will continue to enhance its offerings and may support these, and other features, in the future.