Sign in through your IdP with SAML Single Sign-On.
Authenticate through your identity provider (Okta, Azure AD, Google Workspace, any SAML 2.0 IdP). Centralizes access management and removes the per-account credential surface.
PLATFORM / GOVERNANCE
Turn on enterprise governance the day you need it. Identity, access, audit, and compliance unlock in-app on Axiom Cloud, without a sales conversation or contract amendment.
WHAT GOVERNANCE LOOKS LIKE ON AXIOM
ARCHITECTURE / GOVERNANCE
Every enterprise control on Axiom Cloud is a self-serve add-on, billed per month, toggled from the Settings page. RBAC ($50 / mo), Audit Log ($50 / mo), SAML SSO ($100 / mo), and Directory Sync ($100 / mo) ship without a sales conversation. Add them when you need them; remove them when you don't.
TECHNICAL DEEP DIVES
Authenticate through your identity provider (Okta, Azure AD, Google Workspace, any SAML 2.0 IdP). Centralizes access management and removes the per-account credential surface.
Granular permissions by role, dataset, and action. Essential for organizations with multiple teams accessing shared resources.
Automatic user provisioning and deprovisioning from your organizational directory. Access stays in sync as your team changes; nothing to revoke by hand.
Every administrative action captured: invites, role changes, dataset access, monitor edits. Queryable in APL like any other dataset.
Spend alerts and spending limits set in-app. Usage beyond the limit is paused rather than auto-billed.
Data residency and write-side multi-region from a single Axiom organization. SOC 2 Type II, GDPR, HIPAA BAA (self-serve add-on). A clean SOC 2 opinion on the roadmap.
“My finance team loves predictability. This is the year we can commit to Axiom.”
— Andres Hernandez, Co-founder & CTO of Hapn
FAQ
COMPLIANCE AND AUDIT
SOC 2 Type II and GDPR. HIPAA BAA is a self-serve add-on on Axiom Cloud. The Trust Center carries the current report and sub-processor list (NDA required for the full SOC 2).
Administrative actions: invites, role changes, dataset access, monitor and dashboard edits, organization-level changes. The audit log is a queryable Axiom dataset.
IDENTITY AND ACCESS
Any SAML 2.0 provider. Okta, Azure AD, Google Workspace, OneLogin, and others are all in use today.
Directory Sync removes user access automatically when an IdP group membership ends. Manual revocation is one click in the Axiom Console. Audit Log captures every change.
ARCHITECTURE AND RESIDENCY
Edge architecture supports residency and write-side multi-region from a single Axiom organization. Pick a region per workload; one Axiom org spans them all. Edge architecture does not provide automatic cross-region query failover.
Yes, as a supported capability: bring your own S3 bucket and Axiom's proprietary engine operates on top. (BYOB is about object storage, not bringing your own database; Axiom's engine isn't ClickHouse-derived.) Storage is a small share of TCO, so the operational drag of running BYOB usually outweighs the savings.
PRICING AND SPEND
Per organization. RBAC at $50 / mo and SSO at $100 / mo are flat monthly fees, regardless of how many users you add (subject to soft limits).
Yes. Spending limits and spend alerts are set in-app at the organization level. Usage beyond the limit pauses; nothing is auto-billed past your cap.
Petabyte-scale ingest. Pricing you can predict.Enterprise add-ons unlock in-app.