> ## Documentation Index
> Fetch the complete documentation index at: https://docs.scrubbe.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication & Single Sign-On

> Sign in to Scrubbe using GitHub, GitLab, Google Workspace, Microsoft Entra ID, Okta, OneLogin, or enterprise OIDC and SAML 2.0 identity providers.

Secure access to Scrubbe can be configured using personal developer identities, enterprise identity providers, or organization-wide Single Sign-On (SSO). Scrubbe supports modern authentication standards including **OAuth 2.0**, **OpenID Connect (OIDC)**, and **SAML 2.0**.

<Note>
  Authentication methods available to your organization depend on your administrator's configuration.
</Note>

## Overview

Scrubbe supports the following authentication providers:

| Provider           | Authentication Type |
| ------------------ | ------------------- |
| GitHub             | OAuth 2.0           |
| GitLab             | OAuth 2.0           |
| Google Workspace   | OAuth 2.0 / OIDC    |
| Microsoft Entra ID | OIDC                |
| Okta               | OIDC                |
| OneLogin           | OIDC                |
| Enterprise OIDC    | OpenID Connect      |
| Enterprise SAML    | SAML 2.0            |

***

## Sign In with GitHub

GitHub authentication allows engineers and developers to access Scrubbe using their GitHub identity.

### Requirements

Users must:

* Have an active GitHub account
* Be invited to a Scrubbe workspace
* Be assigned an appropriate role

### Sign-In Process

1. Navigate to the Scrubbe sign-in page.
2. Select **Sign in another way**.
3. Click **Continue with GitHub**.
4. Authenticate with GitHub.
5. Review permissions requested by Scrubbe.
6. Authorize access.
7. You will be redirected back to Scrubbe.

Once authentication completes, Scrubbe creates a secure user session and grants access according to your workspace permissions.

### Common Issues

**Access Denied**

If authentication succeeds but access is denied:

* Confirm you have been invited to a Scrubbe workspace.
* Verify your GitHub account email matches the invited email address.

***

## Sign In with GitLab

GitLab authentication provides secure access using GitLab identities.

### Requirements

Users must:

* Have an active GitLab account
* Belong to an authorized Scrubbe workspace

### Sign-In Process

1. Navigate to the Scrubbe sign-in page.
2. Select **Sign in another way**.
3. Click **Continue with GitLab**.
4. Authenticate using GitLab.
5. Approve the requested permissions.
6. Return to Scrubbe.

Upon successful authentication, Scrubbe associates your GitLab identity with your workspace membership.

***

## Sign In with Google Workspace

Google Workspace authentication allows organizations to use their existing Google identities.

### Requirements

* Active Google Workspace account
* Organization configured within Scrubbe
* User assigned to a Scrubbe workspace

### Sign-In Process

1. Navigate to Scrubbe.
2. Select **Sign in another way**.
3. Click **Continue with Google Workspace**.
4. Select your work account.
5. Review requested permissions.
6. Complete authentication.

Users are redirected back to Scrubbe after successful login.

### Supported Features

* Single Sign-On
* User identity verification
* Workspace discovery
* Organization-level access control

***

## Sign In with Microsoft Entra ID

Microsoft Entra ID enables enterprise-grade authentication using Microsoft identities.

### Requirements

* Microsoft Entra ID tenant
* User assigned within organization
* Scrubbe application approved by administrators

### Sign-In Process

1. Open the Scrubbe sign-in page.
2. Select **Continue with Microsoft**.
3. Authenticate with your Microsoft work account.
4. Complete any required MFA challenges.
5. Return to Scrubbe.

### Supported Features

* Enterprise SSO
* Conditional Access Policies
* Multi-Factor Authentication
* Group-Based Access Control

***

## Sign In with Okta

Organizations using Okta can authenticate users through OpenID Connect.

### Requirements

Your administrator must configure:

* Okta Application
* Client ID
* Issuer URL
* Redirect URI

### Sign-In Process

1. Open Scrubbe.
2. Select **Enterprise SSO**.
3. Choose **Okta**.
4. Enter your organization credentials.
5. Complete authentication within Okta.
6. Return automatically to Scrubbe.

### Administrator Configuration

Organizations must configure:

**Redirect URI:**

```text theme={null}
https://www.scrubbe.com/api/auth/callback/okta
```

**Sign-Out URI:**

```text theme={null}
https://www.scrubbe.com/auth/signin
```

***

## Sign In with OneLogin

Organizations using OneLogin can authenticate through OpenID Connect.

### Requirements

* OneLogin tenant
* OneLogin application configured
* Scrubbe workspace configured for OneLogin

### Sign-In Process

1. Navigate to Scrubbe.
2. Select **Enterprise SSO**.
3. Choose **OneLogin**.
4. Authenticate using your corporate credentials.
5. Complete any MFA requirements.
6. Return to Scrubbe.

### Supported Features

* Single Sign-On
* Multi-Factor Authentication
* Centralized Identity Management

***

## Sign In with Enterprise OIDC

OpenID Connect (OIDC) is the preferred enterprise federation method for organizations using identity providers such as:

* Auth0
* Ping Identity
* ForgeRock
* IBM Security Verify
* Custom OIDC Providers

### Requirements

Administrators must provide:

* Issuer URL
* Client ID
* Client Secret
* Redirect URI

### Sign-In Process

1. Open Scrubbe.
2. Select **Enterprise SSO**.
3. Enter your work email.
4. Scrubbe discovers the configured identity provider.
5. Authenticate with your organization's identity provider.
6. Return automatically to Scrubbe.

### Supported Features

* Single Sign-On
* MFA
* User Provisioning
* Claims-Based Authorization

***

## Sign In with Enterprise SAML

Scrubbe supports SAML 2.0 federation for enterprise organizations.

### Compatible Providers

* Okta
* OneLogin
* Ping Identity
* Microsoft Entra ID
* Google Workspace
* ADFS
* Custom SAML Providers

### Requirements

Administrators must configure:

* Entity ID
* SSO URL
* X.509 Certificate

### Sign-In Process

1. Open Scrubbe.
2. Select **Enterprise SSO**.
3. Enter your work email.
4. Scrubbe identifies your organization's SAML provider.
5. You are redirected to your identity provider.
6. Complete authentication.
7. Return automatically to Scrubbe.

### Supported Features

* Enterprise Federation
* MFA
* Group Mapping
* Role-Based Access Control

***

## Multi-Factor Authentication

Scrubbe respects MFA policies enforced by your identity provider.

Supported MFA methods include:

* Microsoft Authenticator
* Google Authenticator
* Okta Verify
* Duo Security
* SMS Verification
* Hardware Security Keys
* FIDO2 / WebAuthn

***

## Access Control

Authentication determines **who you are**. Authorization determines **what you can access**.

After successful authentication, Scrubbe evaluates:

* Workspace membership
* Assigned role
* Team membership
* Administrative permissions
* Organization policies

Common roles include:

* Workspace Administrator
* Incident Commander
* Engineering Manager
* Responder
* Viewer

***

## Troubleshooting

### I authenticated successfully but cannot access Scrubbe

Possible causes:

* You have not been invited to a workspace.
* Your email address does not match an authorized user.
* Your administrator has restricted access.

Contact your organization's Scrubbe administrator.

### My organization uses a custom identity provider

Scrubbe supports:

* OpenID Connect (OIDC)
* SAML 2.0

Your administrator can configure custom federation using either protocol.

### My authentication provider is not listed

If your identity provider supports **OpenID Connect (OIDC)** or **SAML 2.0**, it can typically be integrated with Scrubbe.

Contact your administrator for configuration assistance.

***

## Security

All authentication traffic is encrypted using TLS.

Scrubbe supports:

* OAuth 2.0
* OpenID Connect (OIDC)
* SAML 2.0
* Multi-Factor Authentication
* Conditional Access Policies
* Audit Logging
* Session Management

Authentication events are recorded in Scrubbe audit logs to support security investigations, compliance requirements, and access reviews.
