Single Sign-On (SSO)

Let your team access Vapi through your identity provider using SAML or OIDC.

SSO is an enterprise-only feature. To enable it, talk to the Vapi sales team.

Overview

With SSO, your team signs in to Vapi through your existing identity provider (IdP) instead of separate Vapi credentials, giving IT centralized control over access.

Vapi works with any IdP that supports SAML 2.0 or OpenID Connect (OIDC), including Google Workspace, Microsoft Entra ID (formerly Azure AD), and Okta.

Setup

Once SSO is enabled for your organization, Vapi provides your IT administrator with a secure link to configure your provider’s credentials in the SSO admin panel.

Access management

Vapi does not support SCIM provisioning. When a user signs up, they create their own Vapi account; your IT administrator then invites them into your organization. Permissions are managed within Vapi using Role-Based Access Control (RBAC) at the application layer.

Role-based access control (RBAC)

RBAC controls what each member can do in your organization. You assign a role when you invite a member to your organization.

Three roles are available:

RoleAccess
AdminRead and write everything
EditorRead and write everything except Org Settings, Billing, Members, and API Keys.
ViewerRead-only access to everything except Org Settings, Billing, Members, and API Keys.

Use Editor to give developers full build and test access without exposing billing or member management.

Need help?

To enable SSO or ask about configuration, talk to the Vapi sales team.