Single sign-on

Sign in once. Permissions follow.

Foldr authenticates against the identity provider you already run. Once a user’s in, the answer to “what can they see” comes from the storage backend itself, not from a duplicate ACL inside Foldr.

Providers

Most identity providers, out of the box.

Pick one or several. Foldr supports stacking authentication strategies, so a school can run Entra for staff and SAML for parents on the same instance.

SAML 2.0

Any compliant IdP. Tested in production against Entra, Google, ADFS.

Microsoft Entra ID

Native Graph integration. Your Conditional Access policies apply at sign-in.

Google Workspace

OAuth sign-in plus Drive permissions inheritance.

LDAP / Active Directory

Group sync, attribute mapping, on-prem or hybrid.

Kerberos

Seamless desktop SSO on AD-joined estates.

Local accounts

For service users and edge cases. MFA still required.

And, the other way

Foldr can be the IdP. No SSO tax.

Run Foldr as a SAML 2.0 identity provider and downstream apps sign in against it. No separate IdP licence, no per-user premium other vendors charge for the privilege of SSO. Every auth control that protects Foldr also protects every app that signs in through it: MFA, passkeys, trusted devices, audit logging, IP rules.

MFA and passkeys, included

Every protection on Foldr’s own login covers the IdP login too. TOTP authenticator apps, Duo push, and FIDO2/WebAuthn passkeys. Trusted-device flags. Sudo re-prompts on sensitive actions. The MFA premium other IdPs charge isn’t a line item here.

Audit logging built in

Every sign-in attempt, MFA challenge and session is recorded centrally. Per-user, per-app, per-device. Downloadable as CSV; retained per your policy. No P1 tier upsell, no separate logging service to wire in.

One user lifecycle

Add a starter and they’re in every downstream app that signs in via Foldr. Disable a leaver and they’re out, everywhere, immediately. Group membership is asserted at sign-in via SAML claims; provisioning lifecycle stays at the IdP.

SAML 2.0, the standard you already know

Standard metadata exchange, signed assertions, name-ID and attribute mapping configurable per app. Works with the SAML-aware SaaS your estate already runs.

IP rules and conditional access

Allow- and blocklist by IP at the IdP layer. Combine with per-device approval and trusted-device flags to gate which apps see which users from where.

Already in the price

If you have Foldr, you have this. No extra licence to buy, no “Identity” tier upsell. The same MFA, passkeys, audit and group sync used for Foldr logins are exposed to downstream apps the same way.

Useful for schools running a flat directory, MSPs consolidating identity for clients, and any team with a SaaS estate that doesn’t want to budget for Okta or Entra P1 on top of everything else.

Identity vs. permissions

Foldr decides who you are. Your storage decides what you can see.

SSO answers one question: who is this person? It doesn’t answer what they should be able to read. Foldr never copies ACLs into a separate database. SharePoint says yes or no. AD says yes or no. S3 IAM says yes or no. Foldr asks, honours the answer, and shows the right files.

Two-factor & passkeys

MFA, WebAuthn, trusted devices, all built in

TOTP authenticator apps, Duo push, and FIDO2/WebAuthn passkeys. Trusted-device flags so users on the same laptop aren’t prompted every login. Sudo mode for sensitive admin actions.

Bring it together. On your terms.

Start a 30-day trial, no credit card. Or talk to us about self-hosting the appliance.