Standards
Speaks the standards your security team expects.
SCIM for directory and lifecycle sync. OIDC and OAuth 2.0 for sign-in and connector auth. Part of the platform's authentication and sync layers from day one — not a retrofit.
What's supported.
The short list of what a security reviewer actually cares about — at the depth the review questionnaire asks for.
- SSO — OIDC
- Tenant-configured external sign-in. Google ships with managed credentials; Microsoft, Okta, and custom OIDC providers use tenant-supplied configuration. Domain allowlists, verified-email requirements, account linking, and optional just-in-time user provisioning are first-class settings — not bolt-ons.
- SCIM — directory and lifecycle sync
- Owlie consumes SCIM where it's the canonical source and can be driven via SCIM where relevant. Specific field shapes and lifecycle semantics depend on the source system; coverage is scoped, documented, and honest about what each side supports.
- OAuth 2.0 — throughout the integrations layer
- Used across native connectors and the builder: authorization-code flow, client credentials, and JWT bearer, as declared by the target system. The builder lets you pick the flow, store credentials under tenant-scoped encryption, and refresh tokens without custom code.
What's not at launch.
We don't ship every standards variant. SAML 2.0 is on the roadmap, not at launch — external sign-in is OIDC-based today. Proprietary SSO flavors and obscure federation profiles aren't in launch scope either. If your stack needs one, tell us.
Keep reading.
Integrations overview
Connectors, the builder, and everything in between.
Security
Tenant isolation, session model, Trust Center, SOC 2 program status.
Custom connectors
The in-app builder for systems we don't ship native coverage for.
Request an integration
Tell us which system. We'll say yes, no, or builder.