Integrations

Integration Guides

Pre-built step-by-step guides for the 20 most-requested enterprise applications in the EU market. Each guide covers the exact configuration needed on both the Clavex side and the application side — with discovery URLs, client configs, and common troubleshooting.

How these guides work: Clavex is always the Identity Provider (IdP). The target application is the Service Provider (SP) or OIDC Relying Party. OIDC integrations use Authorization Code + PKCE; SAML integrations use SP-initiated SSO with signed assertions.

OIDC OpenID Connect — recommended for modern apps

SAML SAML 2.0 — required by legacy enterprise apps

OIDC+SAML Both protocols supported

SaaS & Collaboration

Google Workspace

Configure Clavex as a SAML IdP for Google Workspace. Users authenticate via Clavex and access Gmail, Drive, and all Google services.

Federate Microsoft 365 with Clavex via SAML 2.0 WS-Federation. SSO for Teams, Outlook, SharePoint, and the full M365 suite.

Enable SSO for Salesforce CRM and Experience Cloud. Supports both SAML 2.0 (classic) and OIDC (connected apps).

SAP SuccessFactors

SAML 2.0 SSO for SAP SuccessFactors HXM. Covers metadata exchange, attribute mapping, and provisioning via SCIM.

SSO for ServiceNow ITSM using OIDC (recommended) or SAML 2.0. Includes role/group mapping from Clavex claims.

Jira & Confluence

OpenID Connect SSO for Atlassian Jira and Confluence Data Center. Single config covers both products via the Atlassian SSO plugin.

Dev & DevOps

OIDC SSO for GitLab Self-Managed and GitLab.com groups. Group claim mapping drives automatic role assignment.

GitHub Enterprise

SAML SSO for GitHub Enterprise Server and GitHub Enterprise Cloud. Covers SCIM provisioning for automatic team sync.

AWX / Ansible Tower

OIDC SSO for AWX (open-source) and Red Hat Ansible Automation Platform. Team membership maps from Clavex group claims.

Observability & Logging

Generic OIDC SSO for Grafana OSS and Grafana Enterprise. Org and role auto-provisioning via JWT claims.

Kibana / OpenSearch

OIDC SSO for Kibana (Elasticsearch) and OpenSearch Dashboards. Role mapping from realm_access or groups claim.

OIDC SSO for Graylog Operations. Configure the OpenID Connect authentication provider with group-to-role mapping.

SAML 2.0 SSO for Zabbix 6.0+ monitoring platform. IdP-initiated and SP-initiated flows, attribute-based role mapping.

Infrastructure & Self-Hosted

OIDC SSO for Proxmox Virtual Environment 7.1+. Map Clavex group claims to Proxmox pools and permission sets.

OIDC SSO for Portainer Business Edition and CE (with OAuth plugin). Automatic team assignment from Clavex groups.

OIDC SSO for Nextcloud via the Social Login or user_oidc app. Quota, group, and display name provisioning from claims.

Keycloak (Federation)

Configure Clavex as an upstream OIDC identity broker for Keycloak. Users in a Keycloak realm authenticate via Clavex.

Messaging & Chat

OIDC SSO for Mattermost Team and Enterprise Edition. Automatic account creation and channel team membership from groups.

Custom OAuth / OIDC SSO for Rocket.Chat Community and Enterprise. Field mappings for username, email, and avatar URL.

Azure AD (via SAML)

Configure Clavex as an enterprise application in Azure AD using SAML 2.0 federation. Covers hybrid environments.

Missing an Integration?

The guides above cover the most-requested EU enterprise applications. If your stack uses a different tool, Clavex works with any application that supports OpenID Connect or SAML 2.0 — follow the generic OIDC guide and substitute your app's callback URL and configuration panel.

To request a specific integration guide, open an issue on GitHub.