Enterprise User Management

Enterprise accounts get advanced user management: Single Sign-On (SSO) with SAML/OAuth, SCIM provisioning (auto-add/remove users), User groups and teams, Delegated administration, Granular permissions, Session management, Advanced audit logging. Contact sales to enable Enterprise features.

SSO allows users to log in with corporate identity: Supported: SAML 2.0, OAuth 2.0/OIDC, Identity providers: Okta, Azure AD, Google Workspace, OneLogin, Auth0, Custom SAML IdP. Benefits: Centralized access control, No password management, Enforce MFA via IdP, Simplified onboarding/offboarding.

To configure SAML SSO: Go to Settings → Security → SSO, Select 'SAML 2.0', Enter IdP metadata URL or upload XML, Configure attribute mapping (email, name, groups), Set SSO enforcement (required or optional), Test SSO login, Enable SSO for organization.

1. Get SAML metadata from your IdP (Okta, Azure AD, etc.)
2. Configure Audenci as SAML app in IdP
3. Enter Audenci ACS URL and Entity ID
4. Upload IdP metadata to Audenci
5. Map SAML attributes (email, firstName, lastName)
6. Test login with test user
7. Enable SSO enforcement

SCIM (System for Cross-domain Identity Management) automates user lifecycle: Auto-create users when added to IdP, Auto-update user attributes (name, email), Auto-deactivate users when removed from IdP, Sync group memberships, Real-time or scheduled sync. Eliminates manual user management.

To configure SCIM provisioning: Go to Settings → Security → SCIM, Generate SCIM API token, Note SCIM base URL, In your IdP: Add Audenci SCIM app, Enter SCIM URL and token, Configure attribute mapping, Enable provisioning, Test provisioning with test user.

Organize users into groups: Marketing team, Sales team, Product team, Regional teams (EMEA, APAC, Americas), Client-specific teams (for agencies). Groups can have: Shared permissions, Brand access restrictions, Credit quotas (coming soon). Sync groups from IdP via SCIM.

Delegate admin tasks to team leads: Brand Admins (manage specific brands only), Group Admins (manage specific groups/teams), Billing Admins (manage billing, not content), Support Admins (view-only for troubleshooting). Delegated admins don't need full Admin role, reducing security risk.

Fine-grained permission control (Enterprise only): Create posts (yes/no), Edit own posts (yes/no), Edit others' posts (yes/no), Delete posts (yes/no), Publish posts (yes/no), Approve posts (yes/no), Manage campaigns (yes/no), View analytics (yes/no), Manage social accounts (yes/no), Invite users (yes/no). Create custom roles with specific permission sets.

Control user sessions: Set max session duration (default: 30 days), Force logout on password change, Revoke all sessions (security incident), View active sessions per user, Monitor concurrent sessions, Idle timeout (auto-logout after inactivity). Enforce re-authentication for sensitive actions.

Restrict access to corporate IPs (Enterprise only): Enter allowed IP ranges, Block access from other IPs, Allow VPN IPs, Set exceptions for specific users (traveling employees). IP whitelisting prevents unauthorized access from outside corporate network.

Enterprise audit logs include: User provisioning events (SCIM), SSO login attempts (success/failure), Permission changes, Session creation/termination, IP addresses, Browser/device info, API access, Admin actions. Logs retained 1 year (vs 90 days for standard plans). Export logs for SIEM integration.

• Enable SSO for centralized access control
• Use SCIM for automated user lifecycle
• Test SSO/SCIM with small group before org-wide rollout
• Create groups aligned with your org structure
• Use delegated admin for team leads
• Enable MFA at IdP level (not just Audenci)
• Monitor audit logs for suspicious activity
• Review and rotate SCIM tokens quarterly
• Document SSO setup for disaster recovery