SSO with SAML & SCIM

Hi Peplink,

To enable companies to centrally manage their users, it should be possible in a modern environment to bind the peplink-ID of a company domain against its own IdP like AAD or Okta by using SAMLv2 and do provisioning with SCIM.

This is super default for a security product in 2023.

Best regards
Linus

5 Likes

I second this request.

1 Like

For Peplink ID this is already possible. We have linked AAD to Peplink ID and I can log in to inControl with my Microsoft business account.

Don’t remember which steps to take, but it is already possible.

1 Like

Hi @padaco-daniel ,

Right, there is a button “login with M365” that enables you to forward authentication to MS. Nevertheless, you cannot restrict the access method to that, and it is always possible for users to fall back to username & password. So this is not a valid solution if you want to increase security and deploy a centralised IdP as default authentication.

Best regards
Linus

2 Likes

All systems I have linked to M365 SSO behave the same: ‘local users’ still work after linking to AAD. In other systems I have just removed the ‘local users’ from the systems and only the AAD entries are left. Just kept 1-2 fail-safe accounts in case AAD/SSO would be down someday.

Haven’t tested what inControl does when you remove a local user from inControl, and whether the account can still log in when given the proper rights inside the Enterprise Application in AAD.

1 Like

I need BYO IdP before I can implement InControl for my enterprise. Cradlepoint NetCloud does this today (7/29/2024), which will be the direction I have to go until this is corrected.

1 Like

Dear Peplink Team,

On behalf of Cornelis Vrolijk Holding, a large enterprise user of Peplink solutions for our SD-WAN and network management needs, I am submitting this formal request to prioritize the implementation of SAML 2.0-based Single Sign-On (SSO) support in the cloud-hosted InControl 2 platform.

As an organization with strict security and identity governance policies, we rely on centralized identity providers such as Microsoft Entra ID (Azure AD) and/or Okta for all SaaS applications. The current authentication options (Peplink ID with optional Google federation and 2FA) do not meet our enterprise requirements for:

  • Seamless integration with our existing Identity Provider (IdP)
  • Centralized user provisioning/de-provisioning (ideally with SCIM support)
  • Compliance with zero-trust and least-privilege access models
  • Reduced administrative overhead and improved security posture

This feature has been repeatedly requested by the community since 2021 (e.g., in threads such as https://forum.peplink.com/t/saml-sso-for-incontrol/33059 and https://forum.peplink.com/t/sso-with-saml-scim/45092), and its absence is increasingly becoming a barrier for larger organizations adopting or expanding Peplink deployments—particularly as competitors in the SD-WAN space already offer robust SAML/SSO integrations.

Implementing SAML SSO would significantly enhance InControl 2’s appeal to enterprise customers like ours and align it with industry standards.

We kindly request that this be added to the public roadmap with an estimated timeline, or at minimum, an official acknowledgment of its priority.

Thank you for your attention to this matter. We value our partnership with Peplink and look forward to your response.

Best regards (on behalf of Cornelis Vrolijk Holding B.V.)

Niels Jan Bruggenkamp (IT Architect)