Skip to main content
Athena supports enterprise Single Sign-On (SSO) so your team can log in using your organization’s existing identity provider. SSO eliminates the need for separate Athena passwords and lets your IT team enforce centralized authentication policies across the organization.

Supported Protocols

Athena’s SSO integration supports the following identity standards:
  • SAML 2.0 — The widely adopted standard for enterprise SSO, supported by all major identity providers.
  • OIDC (OpenID Connect) — A modern authentication layer built on OAuth 2.0, used by providers like Microsoft Entra ID, Okta, and others.
  • SCIM (System for Cross-domain Identity Management) — Automates user provisioning and deprovisioning, keeping your Athena user directory in sync with your identity provider.

Supported Identity Providers

Athena works with any SAML 2.0 or OIDC-compliant identity provider, including:
  • Microsoft Entra ID (formerly Azure AD)
  • Okta
  • Google Workspace
  • OneLogin
  • ForgeRock
  • Ping Identity
  • Any other SAML 2.0 or OIDC-compliant provider

How SSO Works in Athena

When SSO is enabled for your organization:
  1. Users visit the Athena login page and click the SSO login button for your organization’s identity provider.
  2. Users are redirected to your identity provider (e.g., Microsoft Entra ID, Okta) to authenticate using your organization’s standard login flow, including any multi-factor authentication (MFA) your organization requires.
  3. After successful authentication, users are redirected back to Athena and signed in automatically.
  4. User accounts are matched by email — regardless of which identity provider authenticates a user, they are linked to the same Athena account based on their email address.
When SSO is active, users do not need a separate Athena password. Authentication is fully managed by your organization’s identity provider.

Setting Up SSO

SSO configuration is handled by your organization’s IT team. Your Athena account team will provide a dedicated setup link for your IT team. This link opens a guided wizard that walks through the SAML/OIDC/SCIM configuration process step by step.
1

Request the Setup Link

Contact your Athena account representative or reach out to team@athenaintel.com to request the Enterprise SSO & SCIM setup link for your organization.
2

Share with Your IT Team

Forward the setup link to a member of your IT team who has admin access to your organization’s identity provider (e.g., Azure AD Global Admin, Okta Super Admin).
The setup link does not require an Athena account to access. It is specifically designed for IT administrators who may not yet have user accounts in Athena.
3

Complete the Configuration Wizard

Your IT administrator follows the guided wizard to configure the connection between your identity provider and Athena. The wizard covers:
  • Selecting the identity provider type (SAML or OIDC)
  • Entering the required credentials and endpoints from your identity provider
  • Optionally configuring SCIM for automated user provisioning
4

Test and Verify

After completing the wizard, your IT team should test the SSO login flow by having a user sign in through the identity provider to confirm the connection is working correctly.

Security & Privacy

Athena’s SSO integration is built with enterprise security in mind:
  • No password storage: When SSO is enabled, Athena does not store or manage user passwords. All authentication is handled by your organization’s identity provider.
  • Centralized access control: Your IT team retains full control over who can access Athena through your identity provider’s user and group management.
  • MFA enforcement: Any multi-factor authentication policies configured in your identity provider are automatically enforced for Athena logins.
  • Session management: SSO sessions follow your identity provider’s session policies. Users are automatically signed out according to your organization’s session timeout rules.
  • Access revocation: When a user is deactivated in your identity provider, they will be unable to start new sessions in Athena. Any existing sessions will expire according to your session timeout policies.
  • Automated deprovisioning with SCIM: With SCIM enabled, users deactivated in your identity provider are automatically deactivated in Athena, ensuring no stale accounts remain.
  • Audit trail: All SSO authentication events are logged and available for compliance reporting.

SCIM User Provisioning

When SCIM is enabled alongside SSO, your organization benefits from:
  • Automatic user creation: New users added in your identity provider are automatically provisioned in Athena.
  • Automatic deprovisioning: Users removed or deactivated in your identity provider are automatically deactivated in Athena.
  • Attribute sync: User profile attributes (name, email, department) are kept in sync between your identity provider and Athena.
For questions about SSO setup or configuration, contact your Athena account representative or reach out to team@athenaintel.com.