We’ve made it easier for you to manage users, enforce access policies, and strengthen security across environments with the following new features: 

  1. SCIM-based User Import

Scalefusion OneIdP now supports SCIM v2.0-based user and group import. You can automatically sync identities from popular providers like Okta, Microsoft Entra, PingOne, and OneLogin, as well as from any other IdP or HRMS tool that supports SCIM v2.0.

Configure SCIM integrations directly from the Integrations → SCIM Connectors section. Scalefusion will listen for any user or group changes from your SCIM app and update its directory accordingly, no manual intervention required!

Tested SCIM apps include:

  • Okta

  • Microsoft

  • PingOne

  • OneLogin

This update extends Scalefusion’s flexibility in handling multiple identity sources—ideal for organizations using combinations such as GWS + Okta + Microsoft or On-Prem AD + Microsoft.

For example:

  • Sign in with GWS and import users/groups.

  • Set up SCIM connectors for Okta or Microsoft to sync additional users.

  • Use OneIdP’s identity federation to manage secure sign-ins—without needing to enable SSO just for user authentication.

  2. Device-Based Conditional Access for SSO

Introducing the device-based conditional access model, a new way to enforce posture checks on managed devices with Scalefusion OneIdP.

You can now choose between:

  • User-based SSO: Access is granted based on user identity (as before).

  • Device-based SSO: Any authenticated user on a managed device can access enterprise applications.

The device-based conditional access feature is especially valuable for shared device environments, extending OneIdP’s zero-trust access beyond user identity to the device itself.

When enabled, device-based SSO uses a unique device-specific OTP, displayed directly in the Authenticator app. This OTP is bound to the device (not the user), ensuring it cannot be reused on other endpoints.

  3. Password Reset via Phone Number

We’re making password recovery simpler and more secure. You can now allow users to reset their passwords via OTP sent to their registered phone number.

This option can be enabled from Password Reset Settings at the directory level and requires Twilio to be configured for SMS delivery.

This small but powerful enhancement helps reduce support requests while improving end-user experience, especially in environments where users frequently switch devices or credentials.