Prophecy authentication

Enterprise and Express

Custom authentication is available for the Enterprise and Express Editions only.

When logging in to Prophecy, you can either credentials managed directly by Prophecy, or set up SSO. Prophecy integrates with multiple identity providers to let you log in using your external credentials. You can configure SSO under Settings > SSO.

Only Prophecy cluster admins have permission to view and edit SSO settings.

Prophecy-managed authentication

By default, Prophecy uses Prophecy Managed authentication. This option requires no external identity provider.

• User accounts are created and managed inside Prophecy.
• Passwords are stored securely within Prophecy.
• Use this mode if you don’t have an external SSO requirement.

If you set up SSO after creating users in Prophecy, sign-ins will map to existing users if the sign-in email matches the user email in Prophecy.

Fabric OAuth

To set up OAuth for fabric connection authentication, see OAuth app registrations.

What's next

Learn how to set up different authentication methods in the following pages.

LDAP authentication

Connect to your organization’s LDAP directory for authentication

SAML authentication (SCIM optional)

Leverage SAML for authentication for Prophecy users

Microsoft Entra ID SSO

Sign-in to Prophecy using your Microsoft Entra ID credentials

Google SSO

Sign-in to Prophecy using your Google account credentials

Group-to-team mapping

Automatic team creation and user role assignment based on identity provider groups