// SSO & Access screen — provider selector + roles + access requests. const SSO_PROVIDERS = [ { id: 'okta', name: 'Okta', tone: '#007dc1', mono: 'Ok', active: true }, { id: 'azure-ad', name: 'Azure AD', tone: '#0078d4', mono: 'Az', active: false }, { id: 'google', name: 'Google Workspace', tone: '#ea4335', mono: 'Gw', active: false }, { id: 'saml', name: 'Custom SAML', tone: '#6b6a64', mono: 'Sa', active: false }, ]; const ROLES = [ { id: 'admin', label: 'Workspace admin', desc: 'Full access; manage connectors, users, billing', count: 4 }, { id: 'analyst', label: 'Analyst', desc: 'Ask questions, export results, save searches', count: 142 }, { id: 'viewer', label: 'Viewer', desc: 'Read-only across configured sources', count: 87 }, ]; const PENDING_REQUESTS = [ { who: 'Lina M.', email: 'lina.m@bankcorp.com', team: 'Risk Ops', wants: 'Add fraud_alerts schema', when: '2 hr ago' }, { who: 'Bayu T.', email: 'bayu.t@bankcorp.com', team: 'Procurement', wants: 'Access to Coupa connector', when: '1 day ago' }, { who: 'Maya S.', email: 'maya.s@bankcorp.com', team: 'Compliance', wants: 'Promote to Admin', when: '2 days ago' }, ]; const ScreenSSO = () => { const [active, setActive] = React.useState('okta'); const [autoProvision, setAutoProvision] = React.useState(true); const [scim, setScim] = React.useState(true); const [enforceMFA, setEnforceMFA] = React.useState(true); return (

SSO & Access

Configure single sign-on, role mapping, and review access requests.

{/* Provider picker */}

Identity provider

{SSO_PROVIDERS.map(p => ( ))}

{/* Active provider config */}

ACS URL

https://auth.nalarx.io/saml/bankcorp/acs

Entity ID

urn:nalarx:bankcorp

Last login verified · 3 min ago

{/* Two column */}

{/* Roles */}

Roles & SCIM mapping

{ROLES.map(r => (

{r.label}

{r.desc}

okta:group/nalarx-{r.id}

{r.count}

))}

Provisioning policy

{/* Pending access */}

Pending access ({PENDING_REQUESTS.length})

{PENDING_REQUESTS.map((r, i) => (

{r.who[0]}

{r.who}

{r.when}

{r.team} · wants: {r.wants}

))}

Permissions inheritance

NalarX honors source-system permissions on every query. A user only sees results from data they can already access.

ACL re-checked at query time

); }; const PolicyRow = ({ label, desc, value, onChange }) => (

{label}

{desc}

); window.ScreenSSO = ScreenSSO;