Overview
Trio supports deep integration with a wide range of Identity Providers (IdPs) to enforce identity-driven device management. This integration enables centralized authentication, dynamic access control, and seamless enforcement of security policies—core components of Zero Trust architecture.
Supported and validated IdPs include:
Microsoft Entra ID (formerly Azure AD)
Google Workspace (Cloud Identity)
Okta
OneLogin
PingOne
Any other SAML 2.0 or OIDC-compliant provider
Benefits of IdP Integration in Trio
By integrating your IdP with Trio, you can:
Enable Single Sign-On (SSO) for admin and user access
Automate policy assignment based on identity attributes and group memberships
Enforce Just-in-Time (JIT) and context-aware access control
Sync users and groups via SCIM or LDAP
Block access from non-compliant devices using real-time posture data
Implement Conditional Access policies in platforms like Entra ID and Okta
Use Case Examples
✔︎ Microsoft Entra ID
Used for directory federation and Conditional Access in many Microsoft-centric environments.
SSO via OIDC or SAML 2.0
SCIM provisioning supported
Device compliance integrated via Microsoft Graph APIs
Group-based profile assignment using Entra ID security groups
✔︎ Google Workspace (Cloud Identity)
Popular in organizations using Google Workspace for productivity.
SAML-based SSO for Trio
User sync via Google Directory APIs
Ideal for Chromebook or Android-first environments
✔︎ Okta
Used in hybrid cloud environments for its rich policy engine.
OIDC or SAML SSO supported
SCIM provisioning for user and group sync
Advanced conditional logic (e.g., location, device context)
✔︎ OneLogin
Flexible IdP supporting strong authentication policies.
SAML 2.0 SSO support
SCIM for provisioning
MFA and role-based access enforcement for MDM admins
✔︎ PingOne
Used in complex enterprise SSO federations.
OIDC and SAML support
Group-based attribute mapping to control profile delivery
Integration with on-prem AD via Ping Directory
Technical Workflow
1. SSO Authentication
Admins and users authenticate via the configured IdP (SAML/OIDC)
IdP returns an identity token or assertion
Trio grants role-based access or triggers enrollment flows
2. User and Group Synchronization
SCIM or LDAP-based sync is used to import users and groups into Trio
Attributes (e.g., department, region, title) are used for:
Enrollment profile assignment
Compliance policy targeting
App deployment automation
3. Device Enrollment
Users are redirected to the IdP during enrollment
If authentication passes, Trio matches the user with the appropriate policies
Enrollment fails for unauthorized or unknown users
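Steps 2 and 3 above, sketched as an added example (not Trio's code or API): a SCIM 2.0 User resource is reduced to department, region and title, matched against rules, and an unknown, deactivated or unmatched user gets no profile, so enrollment fails. The rule table, profile names and sample user are hypothetical, and reading region from the primary SCIM address is an assumption.

```python
import json

ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"

# Constructed sample: a SCIM 2.0 User resource (RFC 7643) as an IdP might push it.
SAMPLE_USER = json.loads("""
{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User",
              "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],
  "userName": "a.rivera@example.com",
  "active": true,
  "title": "Field Engineer",
  "addresses": [{"type": "work", "region": "EMEA", "primary": true}],
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {"department": "Engineering"}
}
""")

# Hypothetical rules, most specific first; the first rule whose conditions all match wins.
RULES = [
    ({"department": "engineering", "region": "emea"}, "eng-emea-profile"),
    ({"department": "engineering"}, "eng-default-profile"),
    ({"department": "finance"}, "finance-restricted-profile"),
]

def extract_attributes(user):
    """Pull department, region and title out of a SCIM User resource."""
    addresses = user.get("addresses") or []
    primary = next((a for a in addresses if a.get("primary")),
                   addresses[0] if addresses else {})
    raw = {
        "department": (user.get(ENTERPRISE) or {}).get("department"),
        "region": primary.get("region"),
        "title": user.get("title"),
    }
    # Normalise case and whitespace so "EMEA" and "emea " compare equal.
    return {k: v.strip().lower() for k, v in raw.items()
            if isinstance(v, str) and v.strip()}

def assign_profile(user):
    """Return a profile name, or None to fail enrollment (deny by default)."""
    if user is None or user.get("active") is not True:
        return None  # unknown or deprovisioned user
    attrs = extract_attributes(user)
    for conditions, profile in RULES:
        if all(attrs.get(k) == v for k, v in conditions.items()):
            return profile
    return None  # no rule matched: no implicit fallback profile
```

Returning `None` rather than a default profile keeps a user with missing or unexpected directory attributes from silently enrolling with a broader policy than intended.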
4. Compliance Reporting and Access Enforcement
Trio reports device posture (encryption, OS version, root status, etc.)
IdPs like Entra ID and Okta use this data in Conditional Access policies
Non-compliant devices are blocked from accessing enterprise resources
5. Just-in-Time Access
Access tokens or entitlements are provisioned based on user and device context
Access expires automatically or is revoked on posture change
Key Features Summary
Feature | Description |
SSO Authentication | Via OIDC or SAML 2.0 from supported IdPs |
Unified Directory Integration | SCIM or LDAP support for centralized identity sync |
Dynamic Policy Assignment | Auto-apply profiles based on group, role, or department |
Zero Trust Enforcement | Identity + posture = access; nothing trusted by default |
Conditional Access Support | Integrates with Entra ID, Okta, and PingOne policies |
Just-in-Time Access | Access provisioned per task/session, automatically revoked afterward |
Need Help?
Need help integrating your IdP with Trio? Contact our support team or explore our Identity Integration Guide for platform-specific walkthroughs.