One login for your entire team
When your team grows, managing individual passwords becomes a liability. Someone leaves, and you scramble to revoke access across a dozen services. Someone new joins, and they need yet another password to remember.
With SSO, your team signs into Oh Dear using the same credentials they use for everything else. Disable someone in your IdP, and they lose access to Oh Dear automatically. No shared passwords, no forgotten accounts, no access gaps.
Available on every plan, because security shouldn't be a premium feature.
Works with the IdP you already use
Oh Dear supports any SAML 2.0 identity provider. We've built guided setup flows for the most popular ones, so configuration takes minutes, not hours.
Okta, Microsoft Entra ID (Azure AD), Google Workspace, OneLogin, JumpCloud, Auth0, PingFederate - we have step-by-step instructions for each. Using a different SAML 2.0 provider? That works too.
We provide your SP metadata URL, Entity ID, and ACS URL. Copy them into your IdP, paste your IdP details back, and you're done. Test the connection before enabling it for your team.
Email-first login
When your team members visit the login page, they enter their email address. If their domain has SSO configured, they're redirected to your IdP automatically. Non-SSO users see the password field as usual.
No separate SSO login page, no special URLs to bookmark. Your team just enters their email and the right thing happens.
If you want to go further, you can enforce SSO for all non-owner team members. Password login gets blocked entirely for those users, so there's no way to bypass your organization's authentication policy.
Enforce SSO, keep a break-glass
Enforce SSO to require all non-owner team members to authenticate through your IdP. Password login is blocked, API tokens keep working, and your security policy is fully applied.
Team owners always retain password access as a break-glass mechanism. If your IdP goes down, you can still get into Oh Dear. Every break-glass login is logged for audit purposes.
Domain verification via DNS proves your organization owns the email domain before SSO can be enabled. No one can hijack your team's authentication by claiming a domain they don't control.
Existing team members receive a one-time linking email to connect their account to their IdP identity. No silent account linking by email alone.
Stop worrying, start monitoring
Start a no-strings-attached 10-day free trial. You're all set in less than a minute. (No credit card needed.)
Not convinced yet? Need help? Get in touch via [email protected].
Built on SAML 2.0
SAML 2.0 is the industry standard for enterprise single sign-on. It's supported by every major identity provider and trusted by organizations worldwide.
Certificate rotation is handled gracefully. Upload a secondary certificate before your primary expires, and Oh Dear validates against both during the transition. We'll notify you at 30, 14, and 7 days before expiry.
Security hardened. SHA-1 signatures rejected. Audience restriction enforced. Replay protection active. Transient NameIDs blocked. Every assertion is validated against a strict set of rules before we trust it.
API tokens are unaffected. Your CI/CD pipelines and automation scripts keep working regardless of SSO session state. Tokens are revoked only when a user is removed from the team.
Wait, there's even more
Continuous certificate monitoring
SSL certificates are essential in website security. We check all your certificate expiration dates & alert any change we detect.
Performance monitoring
We provide highly detailed performance monitoring and insights. We'll notify you as soon as we detect your website is getting slow.
Fast and insightful notifications
Get notified instantly as soon as we detect an issue or an important change. Enable any channel you use, you're in full control.
Scheduled task monitoring
Your cron jobs (Linux) and scheduled tasks (Windows) are the heart of your data processing. We can monitor every single one of them.
Broken page & mixed content
We crawl and index your entire website, just like Google. As soon as we detect a broken link on your site we will let you know.
DNS record monitoring
Receive a notification whenever your DNS records are modified - intentionally or maliciously - so you can act and verify faster.
Application health monitoring
A lot can go wrong inside your app and server. Disk space may fill up, or the database may go down. We'll notify you when something is off.
Beautiful public status pages
In times of crisis, a public status page allows you to communicate to your clients. We'll host your status page so it's always available.
laravel.com
ign.comtakeaway.comWebsite uptime monitoring
When your website goes down we'll let you know instantly. Now you can act before your or your client's brand reputation takes a hit.
Domain monitoring
We can check how long your domain is still registered. If your renewal date is close, we'll notify you. This will avoid you losing your domain.
Lighthouse SEO monitoring
We track the speed & performance of your website over time. If we detect your website is suddenly slower, we'll let you know.
Sitemap monitoring
Elevate your SEO strategy and optimize your site. We analyse your sitemap health and check every URL for broken links.
Describe what you want to monitor
AI monitoring
Use AI to verify anything you want on your websites and services with Oh Dear's AI monitoring feature.
Port scanning monitoring
Port scanning monitoring keeps an eye on important ports that should either be open or closed. Get notified when a port changes state unexpectedly.
DNS blocklist monitoring
DNS blocklist monitoring helps you stay off spam and ad-block lists. Get notified when your DNS is blocked by a blacklist.
Start monitoring instantly
Start a no-strings-attached 10-day free trial. You're all set in less than a minute. (No credit card needed.)
Not convinced yet? Need help? Get in touch via [email protected].
