Security

SSO and MFA

Let teams sign in through your company identity provider, require a second step when needed, and keep sign-in changes visible. Polytrace supports centralized sign-in, organization-level MFA rules, multiple second-factor options, and sign-in audit history.


Highlights

Core capabilities

Centralized sign-in

Use the company identity provider for team access so sign-in and offboarding stay under central control.

Organization-wide MFA rules

Require multifactor authentication at the organization level and choose which factor types are allowed.

No full session before MFA

Polytrace does not create the full signed-in session until the second factor is verified.

Fresh check for sensitive actions

Important account-security changes can require a new MFA check before the change goes through.

Factors

Factor options

Authenticator apps

Teams can support app-based one-time codes for routine MFA enrollment.

Security keys and device-based sign-in

Hardware-backed or device-backed options are available for stronger sign-in requirements.

Email and SMS codes

Where appropriate, teams can allow one-time codes delivered by email or SMS.

Checklist

Review checklist

  • Confirm whether single sign-on can be connected to the company identity provider.
  • Check which MFA factors are allowed for the organization.
  • Verify that MFA can be required across the team.
  • Review what happens when a user has not finished MFA enrollment.
  • Check which sign-in and MFA events appear in the audit history.
01

How sign-in stays under team control

Sign-in controls need to stay simple for users and predictable for administrators. Teams need to know whether sign-in can stay with the company identity provider, whether MFA can be required across the organization, and what happens when someone has not finished enrollment.

That matters more when the workspace holds sensitive email, file, calendar, and website records. Polytrace is designed to make sign-in behavior, MFA enforcement, and sign-in history clear enough for rollout and later review.

02

How Polytrace handles sign-in

Polytrace supports centralized sign-in through common enterprise single sign-on standards and can enforce multifactor authentication at the organization level. Teams can allow the factor types they support, including authenticator apps, security keys or device-based sign-in, email codes, and SMS codes where appropriate.

The sign-in flow is designed to close cleanly. A user does not receive a full session before the second factor is verified. Sensitive account-security actions can require a fresh MFA check, which helps reduce the risk of someone changing key settings from an older session.

03

What makes rollout easier to manage

MFA enforcement is guarded against easy lockouts. Teams cannot simply turn it on in a way that strands the person making the change. If MFA is required and a user has not finished enrollment, Polytrace limits what they can do until enrollment is complete instead of silently weakening the policy.

That matters for onboarding, role changes, and offboarding. Access stays tied to the company identity system, and the product keeps a visible record of sign-in and MFA events for later review.

04

What a security review should confirm

A security review should confirm supported sign-in methods, allowed MFA factor types, organization-level enforcement rules, the enrollment experience, and the events available for sign-in and access investigations.

Related pages

Go deeper from here

Use the closest product, workflow, or security page to continue the evaluation.

Access controls

See how Polytrace limits who can open sources, collections, shared results, and downloads.


Access controls, redaction, and audit

See how sharing limits, redaction, and review history work together in the product.


For IT and enterprise AI teams

See how IT teams use Polytrace to centralize access and expose approved data to internal systems.


Security review guide

Use the guide to prepare for identity, access, logging, and governance questions.


FAQ

Common questions

Which MFA options are available?

Polytrace supports several second-factor options, including authenticator apps, security keys or device-based sign-in, email codes, and SMS codes. Teams can decide which factor types are allowed for their organization.

Can a team require MFA for everyone?

Yes. Polytrace supports organization-level MFA enforcement, so teams can require stronger sign-in across the workspace instead of relying on each user to opt in.

What happens if someone has not set up a second factor yet?

When MFA is required and a user has not finished enrollment, Polytrace limits the user to the routes needed to complete enrollment. The product does not quietly waive the rule to make the login easier.

Does Polytrace support common enterprise SSO standards?

Yes. Polytrace supports common enterprise single sign-on standards, including SAML and OpenID Connect, so teams can connect sign-in to the identity systems they already use.

Are sign-in events visible for review?

Yes. Sign-in and MFA activity can be recorded in the audit history so teams have evidence when they need to investigate access questions.

Next step

Review sign-in and access controls with your team

A strong security review usually pairs this page with access controls and audit trail details.