Logo
Back to homepage
Enterprise

Domain ops at the scale your security team requires.

SSO, SCIM provisioning, audit-log streaming, branded reports, named CSM, signed DPAs, custom plans — everything the security and procurement teams ask for when ZentraLink crosses the 100-domain mark.

Talk to enterprise salesSee pricing

What enterprise unlocks

  • SSO (SAML 2.0 + OIDC)

    GA

    Okta, Entra/Azure AD, Google Workspace, JumpCloud, Authentik. Just-in-time provisioning + group-driven role mapping.

  • SCIM 2.0 provisioning

    GA

    Users + Groups, full lifecycle. RFC 7644 §3 PATCH, deactivation flips sessions immediately. Discovery, ResourceTypes and Schemas exposed.

  • Custom permission sets

    GA

    Compose your own roles on top of Admin / Supporter / Viewer. Per-domain, per-record, time-bounded.

  • Branded reports + portals

    GA

    Replace our logo and colour with yours on every PDF and customer-facing surface. Domain-mapped if needed.

  • Custom plans

    GA

    Volume pricing, hybrid contracts, calendar-year cycles, multi-tenant umbrella accounts. Procurement-friendly.

  • Named CSM + on-call

    GA

    Single point of contact, calendar slot, on-call escalation path. Quarterly business reviews on top.

  • Audit-log streaming to SIEM

    GA

    Real-time push of every audit event to your Splunk / Datadog / Elastic / SIEM of choice via HMAC-signed webhooks. Retry with exponential backoff, dead-letter status visible in the dashboard.

  • Self-hosted edition

    Roadmap

    Air-gapped install on your own infrastructure. Compliance-friendly for regulated industries.

Identity sync

SCIM 2.0 — fully RFC-compliant, available today

ZentraLink ships a complete SCIM 2.0 surface (RFC 7643 + RFC 7644). Your IdP creates, deactivates and group-assigns users, and the changes land in ZentraLink within seconds.

  • Full Users + Groups lifecycle (create / read / update / patch / delete)
  • Filter, pagination, ETag-free idempotency
  • Per-workspace bearer tokens with hash-only storage + last-used tracking
  • Deactivation revokes live sessions immediately, not at next page load
  • ZentraLink:User extension surfaces role / tenantId / isPrimary for attribute mappings
  • Tested against Okta, Entra, Google Workspace, JumpCloud, Authentik
Single sign-on

SSO — one button, no double accounts

SAML 2.0 and OIDC, with just-in-time provisioning if SCIM isn't connected and role mapping if it is. Login still works on a fresh device the first time the user lands on it.

  • Multiple IdP connections per workspace (production + sandbox)
  • Role mapping from SAML group / OIDC claim to ZentraLink role
  • Forced-SSO mode (no fallback password login for domain users)
  • Just-in-time provisioning when SCIM isn't in play
Operational guarantees

Operational depth, not just feature flags

Enterprise plans give you the ops layer that distinguishes a hosted product from a piece of software you can actually depend on.

  • 99.9 % uptime SLA, with credits — measured at the public API
  • RPO < 1h / RTO < 4h, cross-region backups, restore-tested quarterly
  • Signed DPA + sub-processor list + ToM document on file before kickoff
  • Annual penetration test summary on request
  • Dedicated EU residency option, with hosting in Germany only
Enterprise sales

Let's design the rollout that fits your security review.

Tell us about your IdP, your domain count and the compliance regime you operate in. We'll send a tailored proposal — and the artefacts your security team needs — within one working day.

Start the conversationRead the security page

Signed DPA available · ISO 27001-aligned ToM · audit-log streaming in private preview