A short, honest answer to one of the most common security-evaluation questions we get from larger and enterprise merchants: does Biller Genie support Single Sign-On (SSO) via SAML or OpenID Connect?
Current status: SSO is not supported today
Biller Genie does not currently support SAML, OpenID Connect, or other federated identity providers (Okta, Azure AD / Entra ID, Google Workspace SSO, Duo SSO, JumpCloud, etc.). Every Biller Genie user authenticates with a Biller Genie-managed username (email address) and password, plus optional per-user Two-Factor Authentication.
This applies to all plan tiers, including premium plans with granular role permissions.
What we do have today
Per-user Two-Factor Authentication
Every Biller Genie user can enable Time-based One-Time Password (TOTP) Two-Factor Authentication and back it up with recovery codes. TOTP works with Google Authenticator, Microsoft Authenticator, Authy, 1Password, and any other RFC 6238-compliant authenticator. See Setting Up Two-Factor Authentication.
Limitation: 2FA is opt-in per user. There is no org-level toggle to require 2FA for everyone. If your security policy mandates 2FA for every Biller Genie account, you'll need to walk each user through enabling it.
Granular role-based permissions
On premium plans, Biller Genie offers seven granular role permissions (Super User, Settings Manager, Add-Ons Installer/Configurator, Subscription Editor, Dashboard Viewer, Report Viewer) that give you fine-grained control over what each user can do in the system. See Managing Users in Biller Genie.
Session and password controls
- Auto-logout after 25 minutes of inactivity in production. Sessions cannot be persisted longer than this. See Why Biller Genie Logs You Out.
- Password requirements are enforced at the platform level — minimum length, complexity, and a check against known breached passwords.
- Immediate session invalidation when a user is disabled — the disabled user's next API call or page request is denied, even if their browser tab was open.
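The first and third bullets describe two checks that have to run on every request rather than only at login: an idle timeout and a live look-up of the user's enabled flag. The following added example sketches a session store that does both; it is not Biller Genie's code, the class and field names and the sample user are constructed for illustration, and only the 25-minute figure comes from the article.

```python
# Added example: per-request session checks of the kind the bullets above
# describe. Not Biller Genie's code; names, store layout and the sample user
# are constructed. The 25-minute idle limit is the figure the article gives.
import secrets
from dataclasses import dataclass, field

IDLE_TIMEOUT_SECONDS = 25 * 60


@dataclass
class User:
    email: str
    enabled: bool = True


@dataclass
class Session:
    user_email: str
    last_activity: int  # unix seconds of the most recent authorized request


@dataclass
class SessionStore:
    users: dict                                  # email -> User
    sessions: dict = field(default_factory=dict)  # opaque token -> Session

    def login(self, email: str, now: int) -> str:
        user = self.users[email]
        if not user.enabled:
            raise PermissionError("account disabled")
        token = secrets.token_urlsafe(32)  # unguessable session identifier
        self.sessions[token] = Session(email, now)
        return token

    def authorize(self, token: str, now: int) -> bool:
        """Run on every API call or page request, not just at login."""
        session = self.sessions.get(token)
        if session is None:
            return False
        if now - session.last_activity > IDLE_TIMEOUT_SECONDS:
            del self.sessions[token]  # idle timeout: the window slides with activity
            return False
        user = self.users.get(session.user_email)
        if user is None or not user.enabled:
            del self.sessions[token]  # disabled mid-session: deny the next request
            return False
        session.last_activity = now  # activity extends the idle window
        return True

    def disable_user(self, email: str) -> None:
        """Administrator action; existing sessions die on their next request."""
        self.users[email].enabled = False


if __name__ == "__main__":
    store = SessionStore({"alice@example.com": User("alice@example.com")})
    token = store.login("alice@example.com", now=1_000)
    print(store.authorize(token, now=1_000 + 24 * 60))       # True: still active
    store.disable_user("alice@example.com")
    print(store.authorize(token, now=1_000 + 24 * 60 + 1))   # False: disabled
```

The design point is that the enabled flag is read from the user record at request time, so disabling an account does not depend on finding and deleting every session the user holds. A store that caches "enabled" inside the session object at login would leave an open browser tab working until the idle timer expired, which is the behaviour the third bullet rules out.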
If your security policy requires SSO
A few practical options merchants take when their security team is asking for SSO:
- Use a password manager with 2FA (1Password, Dashlane, Bitwarden Business, LastPass Business) to centralize credential management. Combined with per-user TOTP on Biller Genie, this gives you most of the operational benefits of SSO — central rotation, central revocation when an employee leaves, and audit visibility into who has Biller Genie credentials.
- Disable departing employees immediately. Disable in Biller Genie revokes access and invalidates sessions on the next request — equivalent to SCIM deprovisioning for the surface area we expose.
- Audit your Biller Genie user list quarterly against your active employee roster.
Will SSO be supported in the future?
SSO is on the roadmap and is one of the most-requested security features from enterprise customers. We don't have a committed timeline. If your organization needs SSO to adopt or expand Biller Genie, contact support@billergenie.com — every customer ask gets logged against the SSO feature request and weighed in our roadmap planning, and we'll let you know if/when SSO becomes available in beta.