Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.summand.com/llms.txt

Use this file to discover all available pages before exploring further.

The Enterprise tier is for organizations that need centralized identity, governed access, audit trails, and direct database connectivity. Everything in Pro, plus:

Single sign-on

SAML 2.0 and OIDC for Okta, Entra ID, Google Workspace, OneLogin, JumpCloud, Auth0, Ping, and custom IdPs — all configured via the WorkOS Admin Portal.

Directory Sync

SCIM-based auto-provisioning and deprovisioning. Users created when added to an IdP group, removed when they leave.

MFA

TOTP enforcement at the WorkOS layer, with optional Summand-layer MFA for shared private datasets.

Audit logs & SIEM

Auth and security events streamed to Datadog, Splunk, S3, or any HTTPS webhook.

Compliance

HIPAA, SOC 2 Type II, ISO 27001, GDPR, CCPA — with BAA available.

Database connectors

Direct PostgreSQL, MySQL, Snowflake. Plus Fivetran for everything else.

Rollout sequence

A typical Enterprise rollout is four steps. Items can run in parallel — most customers are fully live in 1-2 weeks.
1

Provision the organization

Sales creates an organization for your domain. You’ll receive an invitation email naming a designated admin user. Domains are sales-provisioned (not self-claim) to prevent squatting.
2

Verify your domain and set up SSO

From Settings → Organization, click Configure under Domain Verification and Single Sign-On. Both buttons open the WorkOS Admin Portal — Summand’s identity layer is built on WorkOS, so SSO setup runs there rather than in a Summand-side wizard. See the SSO guides for IdP-specific steps.
3

Configure org-wide policies

From Settings → Organization, configure:
  • SSO (required for SSO-eligible domains) and Directory Sync for SCIM
  • MFA enforcement (TOTP at the WorkOS layer, with optional Summand-layer MFA for sensitive ops)
  • Audit logs and Log Streams for SIEM forwarding
  • Member roles and seat counts
4

Onboard your team

Users sign in with their company email. Summand detects the verified domain, redirects to your IdP, and JIT-provisions the user on first sign-in. Pair this with Directory Sync so users are also auto-deprovisioned when removed from the IdP.

Roles and permissions

Enterprise plans have four roles, manageable from Settings → Members:
RoleWhat they can do
Org adminManage SSO, MFA, billing, members, audit logs. Full visibility into everyone’s datasets.
Workspace adminManage members and connectors within a workspace. No billing/SSO control.
MemberCreate datasets, share, run analysis. Standard user.
GuestRead-only access to datasets explicitly shared with them. No connector creation.
Roles can be assigned manually or mapped from IdP groups via SSO group sync.

Support

Enterprise customers get:
  • Email support — 4-hour response SLA for production issues
  • Dedicated CSM — single point of contact for onboarding, training, and roadmap input
  • 99.9% uptime SLA — credited per the contract
  • Priority feature requests — direct line to the product team
Reach support at enterprise@summand.com or via the in-product chat.