background color

OryPolis Manage organizations and enterprise SSO

Enterprise single sign-on for your B2B and B2B2C SaaS apps. Bridge legacy SAML to modern OIDC standards and enable seamless user management through SCIM-based directory sync.

Enterprise SSO and identity federation is challenging. With Ory Polis, you avoid headaches and connect identity providers and directories within days rather than months.

Need support?

Ory Polis is available via Ory Enterprise License: self-hosted control + 24x7 support.

Need to move quickly?

Get the power of Ory Polis fast and easily via the Ory Network. Sign up for free!

Enterprise readiness for B2B SaaS apps

Ory Polis eliminates the need for technical expertise by providing a developer-friendly solution that lets companies meet enterprise requirements without diverting resources from core product development.

Organizational single sign-on

Integrate SAML using your favorite OAuth 2.0 or OpenID Connect libraries. Go from the first line of code to deployment in days, not months. No SAML expertise required, just a simple API that works with your existing authentication flow.

Self-serve onboarding

Provide enterprise IT teams with secure configuration portals to establish their identity connections without extensive technical coordination. Reduce implementation friction and accelerate time-to-value for both you and your customers.

Directory Sync

Simplify user management with SCIM-based provisioning that synchronizes accounts and groups automatically. Connect to corporate directories through a unified integration that eliminates manual user administration.

Effortless solutions logo
Effortless Solutions Logo
Ahmed headshot black and white
Ahmed Elkaffas

Ahmed Elkaffas

Founder

Seamless Enterprise SSO integration with the customer's existing infrastructure, and minimal effort from the customer side, was very important for us.

Read the Effortless Solutions case study

Ory Polis features at a glance

  • Organizations

    Group users within your project, manage SSO connections, and enforce domain-based authentication that integrates with existing identity providers.

  • OIDC single sign-on

    Establish multiple OpenID Connect (OIDC-based) single sign-on connections for each organization, configurable through the Ory Console and API interfaces.

  • SAML support

    Connect with SAML-based identity providers such as Microsoft Entra ID, Microsoft ADFS, Okta, Auth0, Google Workspace, Ping Identity, and more.

  • SAML to OIDC bridge

    Our bridge enables cross-protocol Identity Federation, enabling your app to use modern OIDC internally while still accepting SAML connections from enterprise customers.

  • Identity Provider discovery

    Route users to their SSO provider based on email domain, eliminating manual selection steps for seamless authentication across B2B and B2B2C apps.

  • Flexible deployment

    Deploy anywhere to meet regional data sovereignty and compliance requirements. Ory offers complete deployment flexibility whether self-hosted, private cloud, or on-premises

How to de-risk identity at scale with Ory

OSS is where most teams start. The question is whether it holds up as scale, compliance, and security requirements grow. Running identity infrastructure yourself means owning everything, from patches to incident response, compliance controls, and performance tuning. At enterprise scale, that overhead competes with product innovation. Ory's commercial offerings, OEL and Ory Network, trade that burden for SLA-backed support, managed CVE patching, and audit-ready controls.

OSS

Evaluate and prototype

OEL

Self-hosted, great for enterprises that require air-gapped or certified environments

Ory Network

Fully-managed, fastest path to production without operational overhead
Compliance and audit-ready (GDPR, PSD2, PCI-DSS, SOC 2, and others)
OSS: No
Compliance and audit-ready (GDPR, PSD2, PCI-DSS, SOC 2, and others)
Compliance-ready
Compliance and audit-ready (GDPR, PSD2, PCI-DSS, SOC 2, and others)
Ory Network: Yes
Global multi-region architecture
OSS: No
Global multi-region architecture
Multi-region capable
Global multi-region architecture
Ory Network: Yes
Purpose-based data retention
OSS: No
Purpose-based data retention
OEL: Yes
Purpose-based data retention
Ory Network: Yes
24/7 SLA support
OSS: No
24/7 SLA support
OEL: Yes
24/7 SLA support
Ory Network: Yes
CVE security patching
OSS: No
CVE security patching
OEL: Yes
CVE security patching
Ory Network: Yes
Unified control plane for ease of management
CLI
Unified control plane for ease of management
CLI & GUI
Unified control plane for ease of management
CLI & GUI
Production Helm Charts
OSS: No
Production Helm Charts
OEL: Yes
Production Helm Charts
n/a
Managed infrastructure
OSS: No
Managed infrastructure
n/a
Managed infrastructure
Ory Network: Yes
Custom Branding for Onboarding Portal
OSS: No
Custom Branding for Onboarding Portal
OEL: Yes
Custom Branding for Onboarding Portal
Ory Network: Yes
SAML & OIDC
OSS: No
SAML & OIDC
OEL: Yes
SAML & OIDC
Ory Network: Yes
Directory sync
OSS: No
Directory sync
OEL: Yes
Directory sync
Ory Network: Yes
Identity federation
OSS: No
Identity federation
OEL: Yes
Identity federation
Ory Network: Yes

Ory Polis FAQ

Integrations

Ready to try Ory Polis?

Get started with the guides and docs below

AuthProvider.tsx
...
  const signIn = async () => {
    // store the from url before redirecting ... we need this to correctly initialize the oauthClient after getting redirected back from SSO Provider.
    localStorage.setItem(APP_FROM_URL, from);
    // Initiate the login flow
    await authClient?.fetchAuthorizationCode({
      tenant,
      product,
    });
  };

  const signOut = async (callback: VoidFunction) => {
    authClient?.reset();
    setUser(null);
    callback();
  };

More on Ory Polis

Try Ory today Start for free