saas-sso-scim-enterprise-auth
Installation
SKILL.md
SaaS Enterprise Auth — SSO, SCIM, Custom Domain
Acknowledgement: Shared by Peter Bamuhigire, techguypeter.com, +256 784 464178.
Use When
- Adding enterprise auth to a B2B SaaS — SAML 2.0 (Okta, Azure AD, Ping, OneLogin), OIDC (Auth0, Cognito, custom OPs).
- Implementing SCIM 2.0 user provisioning/deprovisioning so the buyer's IdP can lifecycle users into your platform.
- Letting tenants connect their own IdP per tenant (multi-IdP-per-platform).
- Supporting custom domains (
app.customer.com) with automated cert provisioning. - Adding IP allowlists per tenant for enterprise-tier security policy.
- Migrating an existing email-password tenant to IdP-enforced login.
- Exposing an audit-log API the customer can pull into their SIEM.
Do Not Use When
- The task is the customer-facing tenant-admin auth screen — use
dual-auth-rbac. - The task is internal staff auth — use
dual-auth-rbac+ MFA + the back-office privileged-access workflow insaas-admin-backoffice-tooling. - The task is OAuth as a client (calling Google/Stripe APIs) — use
vibe-security-skill.