StrongDM
StrongDM is a Zero Trust privileged access platform for infrastructure (databases, servers/SSH, Windows RDP, and Kubernetes). It brokers access through gateways/relays, integrates with enterprise IdPs for SSO (SAML 2.0 / OpenID Connect) to the StrongDM console, supports inbound SCIM 2.0 provisioning, and provides detailed audit logs with session replay. It is not a general-purpose SAML/OIDC IdP for your applications.
Key Capabilities
- Resource coverage: Unifies access to PostgreSQL, Snowflake and other databases, SSH/RDP servers, and Kubernetes clusters; client guides cover desktop/CLI workflows and JDBC/driver setups.
- Access brokerage (gateways/relays): Admin UI plus Terraform and Pulumi providers to place gateways/relays inside segmented networks and automate resource and policy configuration.
- Single sign-on to StrongDM: Integrates with generic SAML 2.0/OIDC IdPs (and specific ones such as OneLogin) so users log in to StrongDM with enterprise SSO; StrongDM is the SAML service provider / OIDC relying party in these flows.
- Provisioning: Inbound SCIM 2.0 provisioning creates and updates users and groups from Okta, Entra ID, OneLogin, Google, and JumpCloud.
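As an added illustration of the Terraform route mentioned above (example configuration written for this summary, not StrongDM's own documentation), the following registers a gateway, a PostgreSQL resource, and a role whose access rule grants that resource only by tag match, so the role cannot reach anything else. Resource and attribute names follow the strongdm/sdm Terraform provider as I know it; the hostnames, ports, tag values and the password variable are constructed placeholders.

```hcl
terraform {
  required_providers {
    sdm = { source = "strongdm/sdm" }
  }
}

# Provider reads the admin API key pair from SDM_API_ACCESS_KEY / SDM_API_SECRET_KEY.
provider "sdm" {}

# Gateway node inside the segmented network. listen_address is what clients
# connect to; bind_address is the local socket the gateway process opens.
resource "sdm_node" "gw" {
  gateway {
    name           = "prod-gateway"                # constructed name
    listen_address = "gw.example.internal:5555"    # constructed placeholder
    bind_address   = "0.0.0.0:5555"
  }
}

variable "orders_db_password" {
  type      = string
  sensitive = true   # keep the credential out of plan/apply output
}

# Database resource; clients never learn the real host, they connect to the
# gateway on port_override and StrongDM brokers the session.
resource "sdm_resource" "orders_db" {
  postgres {
    name          = "orders-prod"                   # constructed
    hostname      = "orders-db.example.internal"    # constructed placeholder
    port          = 5432
    database      = "orders"
    username      = "sdm_readonly"                  # least-privilege DB account
    password      = var.orders_db_password
    port_override = 15432
    tags          = { env = "prod", team = "payments" }
  }
}

# Role: the access rule grants only resources tagged env=prod AND team=payments.
# Adding a new resource with those tags grants it automatically, so tag
# assignment is itself a privileged change worth reviewing.
resource "sdm_role" "payments_prod" {
  name = "payments-prod"
  access_rules = jsonencode([
    { tags = { env = "prod", team = "payments" } }
  ])
}
```

Users or groups are then attached to the role (for example via SCIM-provisioned group membership or an account attachment resource), which is where the IdP-driven provisioning and the Terraform-managed policy meet.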
Limitations
- Not an application IdP: SSO covers StrongDM itself only; it does not issue SAML assertions or OIDC tokens to third-party apps.
- SCIM directionality: Public materials describe inbound SCIM to StrongDM; outbound SCIM 2.0 to external apps isn't clearly documented.
- Advanced OAuth profiles: Out of scope; StrongDM isn't an OAuth authorization server (no PAR, DPoP or mTLS-bound tokens).
- Operations model: The control plane is SaaS, but customers deploy and operate the gateways/relays and network routes, so HA, sizing and certificate management for those components are the customer's concern.
- Coverage nuance: Session replay is documented for SSH, Kubernetes and RDP; verify the depth of database protocol capture and whether queries can be redacted for compliance.