Platform · SSO & RBAC

Enterprise-grade identity. Built into Vacademy from day one.

Single sign-on via Google Workspace, Microsoft, SAML, or OAuth2; granular role-based access control with custom roles; per-user audit logging; institute-level multi-tenancy. Compliant with your IT team's checklist.

  • Google · Microsoft · SAML · OAuth2 SSO
  • Custom roles · granular permissions
  • Per-user audit log
  • SCIM provisioning · auto-deprovisioning
Identity · Okta connector · 18,455 users · SOC2 ready · SCIM live

Connected IdP: Okta · acme-corp.okta.com · SAML 2.0 · SCIM 2.0 · ✓ Healthy

  • MFA: Required · TOTP
  • Session: 8 hrs
  • IP allowlist: 3 ranges
  • Last sync: 2 min ago

Security posture

  • SOC2 Type II: In progress
  • ISO 27001 controls: Mapped
  • GDPR + DPDP: Compliant
  • WebAuthn / FIDO2: Supported

Roles · 5 of 12 shown

  • Super Admin · All · 47 modules · 2 users
  • Senior Faculty · Courses · Live · Assess · 14 users
  • Counsellor · CRM · WhatsApp · Inbox · 8 users
  • Evaluator · Assess · Grade · Reports · 11 users
  • Learner · Courses · Self-data · 18,420 users

Audit log · last hour

  • 14:32 · A. Sharma · Logged in via Okta SSO
  • 14:31 · P. Verma · Edited course 'Algebra IV'
  • 14:21 · R. Iyer · Failed login · 2/5 attempts
  • 14:08 · system · SCIM deprovisioning · M. Singh

Export → Splunk / Datadog / ELK enabled

SCIM provisioning: 14 users added · 2 deprovisioned · 0 stale accounts · all audit-logged.

Why teams switch

The status quo is costing your team time and money

Bolt-on SSO is a sales upsell, not a feature

Many LMSes ship SSO as a 'starting from $20k/yr extra' enterprise add-on. Even then, it's clunky, often half-broken, and IT teams hate it.

SSO included on every plan

Generic 'admin / teacher / learner' roles don't match reality

Your team has Senior Faculty, Lab Mentors, Assessment Heads, Counsellors, Accountants — each with different access. Three-role LMSes force you to over-grant or sacrifice control.

Custom roles with granular permissions

Off-boarding is where data breaches happen

Employee leaves; nobody revokes access. Six months later, the ex-faculty still has admin keys. SCIM auto-deprovisioning prevents this — but most LMSes don't support it.

Auto-deprovisioning the moment HR removes the user

Inside identity

IdP · roles · audit · all in one workspace

Connected IdP health, custom roles with user counts, security posture summary, and live audit log.

How identity actually works

From IdP to platform access — fully automated

Vacademy supports OIDC + SAML 2.0 + OAuth2. Users authenticate via your IdP (Okta, Google, Microsoft Entra, Auth0, custom). Roles + permissions apply at session start.

01 · Connect your IdP

OIDC / SAML 2.0 connector with metadata exchange. Standard setup wizard for Okta, Google, Microsoft Entra, Auth0, OneLogin. Custom IdPs via OIDC discovery doc.

02 · Define roles + permissions

Built-in roles (Admin / Teacher / Learner / Counsellor) or custom roles. Each role maps to a permission matrix — view / edit / publish across modules.

03 · SCIM provisioning

Auto-provisioning + auto-deprovisioning from your IdP via SCIM 2.0. Add an employee in Okta → they land in Vacademy with the right role; remove them → access revoked instantly.

04 · Audit + monitor

Per-user audit log of every login, action, and data access. Export to SIEM (Splunk / Datadog / ELK) for compliance and security monitoring.

What's inside

Identity infrastructure that passes IT review

Multi-protocol SSO

OAuth2 (Google, GitHub, Microsoft), SAML 2.0 (Okta, OneLogin, Microsoft Entra, custom), OIDC (Auth0, Keycloak), magic-link, and password fallback.

Custom roles

Built-in roles (Admin / Teacher / Learner / Counsellor / Evaluator) plus unlimited custom roles. Each role has a granular permission matrix per module.

Granular permissions

Per-module CRUD permissions: view / create / edit / publish / delete on every entity (course, batch, learner, assessment, certificate, payment, etc.).

SCIM 2.0 provisioning

Auto-provision / deprovision from your IdP. Mass user lifecycle (onboarding, role changes, off-boarding) handled by HR + IT — not Vacademy admin tickets.

Per-user audit log

Every login, view, edit, deletion logged with user + timestamp + IP + device. Export to your SIEM. Used for ISO + SOC2 + GDPR / DPDP compliance.

MFA + session policy

Mandatory MFA, session-timeout configuration, IP-allowlist for admin roles, force-logout on password change. Enterprise-grade defaults.

What changes after IT review

Enterprise sales unblocked

0 · IT objections

SSO + RBAC + SCIM + audit log + SOC2 passes typical enterprise IT review.

−96% · Onboarding ops

Automated provisioning from IdP eliminates manual user-add tickets.

0 · Stale accounts

Auto-deprovisioning closes the off-boarding security hole.

Included · Pricing

SSO + RBAC included on every plan; no enterprise upcharge.

Connected to the platform

Identity drives everything else

Roles + permissions gate every feature; SCIM events drive HR + payroll + Notification Hub workflows; audit logs feed analytics + compliance reports.

User add in Okta → Vacademy account created + role applied + welcome WhatsApp sent.

User role change → mid-session re-permission without forcing logout.

User remove → access revoked + active sessions invalidated + audit logged.

Failed login spike → admin alert + IP throttle + SIEM event.

Built for every team

Who relies on SSO + RBAC

IT / Security

  • SOC2 / ISO / DPDP / GDPR compliance posture
  • SCIM lifecycle integration with HR systems
  • Audit log + SIEM export for monitoring

Operations / HR

  • Skip manual user-add + role-assignment tickets
  • Off-boarding closes access automatically
  • Different roles for faculty vs ops vs sales staff

Founders / CTOs

  • Pass enterprise IT review on first try
  • Built-in SSO = no enterprise tier upsell pain
  • Security-as-default, not security-as-config

Customer spotlight

Fortune-500 corporate L&D · 8,400 employees

We needed Okta SSO + SCIM + SOC2 compliance + per-business-unit role isolation. Vacademy passed our IT review in one round — every other LMS we tried needed 3 rounds and an 'enterprise add-on'. Off-boarding is now automatic from Workday → Okta → Vacademy in under 5 minutes.

VP IT, Fortune-500 Enterprise

IT review passed in one round
Auto-deprovisioning chain: Workday → Okta → Vacademy in <5 min
8,400 employees provisioned via SCIM in 2 hours

Frequently asked

Common questions from buyers

Which IdPs do you support?

Google Workspace, Microsoft Entra (Azure AD), Okta, Auth0, OneLogin, Keycloak, and any OIDC/SAML 2.0-compliant IdP. We have certified connectors for the top 5 IdPs and accept custom OIDC discovery URLs.

Are you SOC2 / ISO certified?

SOC2 Type II ready (audit in progress); ISO 27001 mapped controls. GDPR + DPDP + HIPAA-ready architecture (institute-level data residency configurable). Enterprise customers get the latest reports under NDA.

How does SCIM provisioning work?

SCIM 2.0 endpoint per tenant. Your IdP (Okta / Entra / Auth0) pushes user creates, updates, role changes, and deactivations. Vacademy applies them within seconds, with full audit logging.

Can we have custom roles?

Yes — unlimited custom roles per institute, each with a granular permission matrix. Most enterprise customers create 5–15 custom roles (Senior Faculty, Lab Mentor, Counsellor Lead, Finance Lead, etc.) — well beyond the built-in 4 default roles.

What about MFA?

Mandatory MFA enforceable per role. TOTP (Google Authenticator / Authy), SMS (with regional carrier support), email magic-link, hardware keys (WebAuthn / FIDO2). Sessions invalidate on MFA mode change.

From basic auth to enterprise-grade identity

Send us your IdP — we'll wire it up live.

Tell us which IdP you use (Okta / Google / Entra / Auth0). In a 30-min session we'll configure SSO, define custom roles, run SCIM provisioning, and demo the audit log.