Enterprise Ready

Enterprise-grade cloud cost management

SSO, RBAC, approval workflows, and audit trails — the security and governance controls your organization requires, built into every layer.

Contact sales Get started free

Built for security-first organizations

Every enterprise control you need to pass procurement, security review, and compliance audits.

SAML SSO

Single sign-on with Okta, Azure AD, OneLogin, or any SAML 2.0 identity provider. Auto-provisioning and domain detection included.

RBAC with per-account access

Fine-grained role-based access control. Assign viewer, editor, or admin roles scoped to specific cloud accounts, teams, or cost centers.

Approval workflows

Recommendations require explicit approval before execution. Configurable approvers per team with full audit trail of every request and decision.

Comprehensive audit trail

Every login, credential access, recommendation action, and admin change is logged with timestamp, user, and IP address. Export to SIEM.

AES-256 credential encryption

All cloud credentials encrypted at rest with AES-256-GCM. Stored in an isolated secrets vault, decrypted in memory only during API calls.

Mandatory 2FA enforcement

Enforce two-factor authentication across your entire organization. Supports TOTP authenticator apps and WebAuthn security keys.

Single sign-on, zero friction

Connect your corporate identity provider and your team signs in with existing credentials. No separate passwords to manage, no accounts to provision manually.

  • Okta, Azure AD, OneLogin, and any SAML 2.0 IdP
  • Auto-provisioning with configurable default role
  • Email domain detection for automatic SSO routing
  • Password fallback for break-glass admin access
Learn more about SSO →
xplorr -- SSO login

Sign in to Xplorr

[email protected]

SSO detected for acmecorp.com

Continue with Okta SSO
SAML assertion validated

Security controls

  • AES-256-GCM encryption for all credentials at rest
  • TLS 1.2+ enforced for all data in transit
  • Read-only cloud access — Xplorr cannot modify your infrastructure
  • Credentials isolated in a separate secrets vault
  • Short-lived JWT sessions with automatic token rotation
  • Rate limiting and account lockout on all authentication endpoints
  • Automated daily database backups with 30-day retention
  • Continuous uptime and anomaly monitoring

Compliance readiness

Current security posture and upcoming certifications.

Control Status
AES-256 encryption at rest Available
Comprehensive audit logs Available
Role-based access control Available
Mandatory 2FA (TOTP + WebAuthn) Available
SAML SSO Available
SOC 2 Type II Coming soon
HIPAA BAA Coming soon
ISO 27001 Coming soon

Ready for enterprise?

Talk to our team about SSO, RBAC, custom contracts, and dedicated support.

Contact sales Start free trial