Single Sign-On & Identity Federation

What it is

Single Sign-On (SSO) is the mechanism that lets a workforce authenticate once—inside an identity provider they already trust—and gain access to every surface of Jeeva AI without ever creating a new password. It is the connective tissue between enterprise directories and the micro-services that power lead enrichment, multichannel outreach and analytics. Under the hood it is much more than a convenience feature; it is a governed identity fabric in which each assertion, role grant and session token is validated, logged and revocable within minutes of a change in the customer’s directory.

Jeeva’s Single Sign-On at a glance

Jeeva AI runs its workforce and production stack behind a single, cloud-hosted Identity Provider (IdP). All core business applications (e-mail, code repository, ticketing, infrastructure consoles, etc.) are federated to this IdP so that users authenticate once and then receive access tokens for every downstream tool; if the IdP itself shows signs of trouble, employees are instructed to check its status page or open a support ticket as part of the Business Continuity Plan.

Strong authentication for every account

Every employee account—human or service—must satisfy two layers of control:

• Multi-factor authentication (MFA) is mandatory wherever the IdP or a downstream service supports it, and it is explicitly required for all corporate accounts.
  
  
  

• Complex, unique passwords (≥10 characters, mix of upper/lower, number, symbol) are enforced; password reuse across personal and corporate accounts is forbidden, and a password manager (Google Authenticator) is prescribed for storage and rotation.
  Root or break-glass credentials are vaulted, protected by MFA, and issued only after identity proofing by the Operations team.
  
  
  

Role-based, least-privilege access

User permissions are mapped to standard roles maintained jointly by team managers and the executive team. Access follows a defined lifecycle—creation, privilege assignment, quarterly audit, and revocation on role change or termination—to ensure employees receive only the minimum breadth and duration of access required for their duties.

Continuous logging and monitoring

All privileged actions are logged centrally for at least 12 months; staff with access to customer data operate under heightened monitoring, and quarterly Zendesk-tracked audits verify that accounts, privileges and password hygiene remain in compliance.

Automated join-move-leave (JML) processes

Managers raise access requests when staff or contractors join, move or exit. The Operations team approves, scopes and implements those grants, and it must revoke all entitlements promptly on termination or reassignment, as defined in Vanta procedural commitments.

Ties to backup, continuity and recovery

Because the IdP is a critical vendor, its health is covered by both the Backup Policy (daily database snapshots of configuration data) and the wider Business Continuity / Disaster Recovery playbooks. If the service is unavailable for more than 24 hours, the CEO formally declares a disaster, triggers fail-over procedures, and coordinates restoration of production and transit infrastructure in priority order.

Oversight and assurance

The CFO owns policy compliance; periodic internal reviews, Vanta monitoring alerts and security research disclosures feed into the quarterly access audit cycle and the annual risk-assessment programme, ensuring the federation stack keeps pace with evolving threats and regulatory expectations.

In short: Jeeva AI’s SSO and identity federation strategy hinges on a single IdP guarded by MFA and strong passwords, governed by rigorous RBAC and JML controls, backed by real-time logging and quarterly audits, and anchored in company-wide continuity and disaster-recovery plans.