Enterprise

SSO, on-premise deployment, VPC networking, and compliance features.

SSO & SAML setup

Enterprise plans support Single Sign-On via SAML 2.0 and OpenID Connect. Connect Okta, Azure AD, Google Workspace, or any SAML-compatible IdP:

  • Provide your IdP metadata URL or upload metadata XML
  • We provide the ACS URL and Entity ID for your IdP configuration
  • Attribute mapping: email, name, and groups passed through automatically
  • Just-in-time provisioning creates accounts on first SSO login
  • SCIM 2.0 provisioning for automated user lifecycle management

On-premise deployment

Run NoSQLSync entirely within your infrastructure. Deploy as Docker containers on Kubernetes, AWS ECS, or bare-metal servers:

  • Docker images via private registry
  • Helm chart for Kubernetes with configurable resources
  • Air-gapped support — all dependencies bundled, no outbound calls required
  • PostgreSQL and Redis are the only infrastructure dependencies

On-premise includes the web app, API server, and worker. You manage your own PostgreSQL and Redis. Contact sales for a deployment guide specific to your environment.

VPC and network configuration

For VPC deployments, NoSQLSync runs in private subnets with no public ingress. Worker nodes communicate with databases over private peering or AWS PrivateLink:

  • Private subnets with NAT gateway for outbound-only internet access
  • Security groups restrict inbound traffic to the load balancer only
  • VPC peering or Transit Gateway for cross-VPC database access
  • Network policies restrict inter-pod communication in Kubernetes

Audit logs and compliance

Enterprise plans include immutable audit logging. Every action — connection creation, migration launch, schema change, team invitation, API key generation — is logged with timestamp, user ID, and IP address. Logs retained per your requirements (30 days default, up to 7 years custom).

Export audit logs as JSON or CSV for SIEM integration (Splunk, Datadog, Sumo Logic). The audit trail is append-only.

SCIM provisioning

SCIM 2.0 enables automated user provisioning from your identity provider. When an employee joins in Okta/Azure AD, they get a NoSQLSync account automatically. When they leave, access is revoked:

  • Create, update, and deactivate users
  • Push groups as NoSQLSync teams
  • Sync user attributes (name, email, department)
  • Real-time sync — changes propagate within seconds