Enterprise SSO is Clerk-backed, not a custom in-app IdP.
Supported provider enums (API/UI):
google_workspaceazure_adokta
Backend maps these to Clerk SAML strategies (e.g. saml_google, saml_microsoft, saml_okta).
Admin workflow (Settings → Identity & SSO):
- Choose provider and connection details
- Verify domain ownership
- Finalize connection
- Optional: disable identity, revoke sessions, test login
End-user sign-in: /auth/enterprise-sso → IdP → /auth/sso-callback.
Requires NEXT_PUBLIC_CLERK_ENTERPRISE_ENABLED=true on the frontend.