---
slug: access-control-sso
title: Access Control & SSO
section: Reference
description: Plan identity and access when deploying OrcaSheets in an organisation.
listed: false
---
# Access Control & SSO

**This page helps admins plan identity and access when deploying OrcaSheets in an organisation. SSO and advanced access controls are currently available only on annual Enterprise plans.**

> Availability: SSO and access controls are currently available only on **annual Enterprise plans**.

## What to decide before rollout

Line these up with your security and IT team up front:

- **Identity system**: which provider you will integrate with (SAML, OIDC, LDAP).
- **Access control depth**: how granular you need permissions (source, schema, table, row).
- **Audit logging**: how you want to store, review, and export logs (for example, into your SIEM).

## Identity (SSO)

If your team needs centralised login and user management, plan to integrate with one of:

- **LDAP or Active Directory**
- **SAML**
- **OIDC**

Using SSO means users sign in with your existing identity provider, so you keep a single source of truth for joiners and leavers.

## Role-based access control (RBAC)

RBAC makes sure people see only what they should. Typical control points:

- **Database or source**, so teams only see systems they own.
- **Schema or table**, for finer-grained isolation.
- **Row-level access**, for sensitive datasets where only specific records should be visible.

## Audit logging

Audit logs make it easier to answer "who did what, and when?" Consider enabling logging for:

- **Who queried what**, so you can trace access patterns.
- **When Dashboards were refreshed**, so you can debug stale views.
- **Who exported data**, so you can track data leaving the platform.

For Enterprise environments, plan to export logs into your SIEM for long-term retention and alerting.

## Related pages

- [Local-first Security](/docs/local-first-security)
- [Settings](/docs/settings)
- [Sharing & Collaboration](/docs/sharing-collaboration)
