Enterprise SSO For Your Whole Team
Centralise DeployHQ access through your identity provider. Native SAML 2.0 support means access lives where your IT team already manages it — no separate logins to provision, rotate, or audit.
Last updated on 29th May 2026
Single Sign-On lets your team sign into DeployHQ with the identity provider you already use for the rest of your stack. Your IT team provisions access in one place, revokes it in one place, and inherits MFA, conditional access, and session policies you have already configured. No separate DeployHQ password to leak, rotate, or forget.
Works With Your Identity Provider
Native SAML 2.0 — bring whichever IdP your IT team already runs.
Okta
One of the most common enterprise IdPs. Drop in the SAML metadata and you're done.
Microsoft Entra ID
Formerly Azure AD. Works out of the box with Entra-managed users and groups.
Google Workspace
Bring your @company.com users in via Google's SAML app catalogue.
Auth0
Configure DeployHQ as a SAML application and let Auth0 handle the rest.
Any SAML 2.0 IdP
JumpCloud, OneLogin, Keycloak, PingIdentity, and any other SAML-compliant provider work the same way.
Why Enable SSO on DeployHQ
Stop managing yet another set of credentials in yet another tool.
Centralised Access Control
Provision and deprovision DeployHQ access from the same console your team already uses. New hires get access when they join the right group; leavers lose it the moment they're disabled.
Inherit Your Security Policy
MFA, conditional access, device posture, IP allow-lists, and session-length policies configured at the IdP automatically apply to DeployHQ. No separate policy surface to keep in sync.
No DeployHQ Password to Leak
Users authenticate against your IdP, not DeployHQ. There's no password for DeployHQ to store, hash, or have stolen in a breach.
Audit-Ready
Every sign-in shows up in your IdP's audit log alongside the rest of your SaaS estate — useful for SOC 2, ISO 27001, and internal access reviews.
Built For
Common scenarios where SSO pays for itself in week one.
Growing engineering teams
When more than a handful of engineers can deploy, you need a single source of truth for who can — and SSO makes that source of truth your IdP, not a spreadsheet.
Compliance & audits
SOC 2 and ISO 27001 reviewers expect centralised authentication and prompt deprovisioning. SSO delivers both without manual reconciliation.
Agencies with rotating staff
Contractors and short-term staff get access through a group, and lose it the moment that group membership ends — no orphan accounts left behind.
Enable SSO in your account
Add the DeployHQ app in your IdP
Use your IdP's SAML application template and copy the ACS URL and entity ID from your DeployHQ account.
Upload your IdP metadata
Paste the metadata URL or upload the XML file from your IdP into DeployHQ. We validate the certificate and required fields immediately.
Assign your team
Add the relevant groups or users in your IdP. Your team signs in through the IdP from then on.
Frequently Asked Questions
Which identity providers are supported?
DeployHQ supports any SAML 2.0 identity provider, with first-class setup instructions for Okta, Microsoft Entra ID (formerly Azure AD), Google Workspace, and Auth0. JumpCloud, OneLogin, Keycloak, PingIdentity, and other SAML-compliant providers work the same way.
Can users still sign in with a password?
Account administrators can require SSO for every user on the account — once enforced, password sign-in is disabled for those users. We recommend keeping at least one emergency break-glass account in case your IdP suffers an outage.
Does SSO replace MFA?
SSO defers authentication to your IdP, so MFA enforcement lives there too. If your IdP requires MFA, DeployHQ access requires MFA. You do not need to configure MFA separately in DeployHQ.
What happens when a user leaves the company?
Deactivating the user (or removing them from the relevant group) in your IdP cuts off their DeployHQ access immediately — no separate offboarding step inside DeployHQ.
Is SSO available on every plan?
SSO is part of our enterprise-tier offering. Contact us if you're on a smaller plan and want to talk about access — we work with teams of every size.
Bring DeployHQ inside your IdP
Stop managing a separate login for the tool your team deploys with every day.