Identity & Access Management

Connect your identity provider to secure cloud fax.

WestFax brings faxing under the same single sign-on, directory, and access policies your organization already runs. Your team signs in once — and every fax is attributed to a real person, governed by the roles and groups you already manage.

Tell us which identity provider you run and our team will map the right path.

A smiling IT administrator working across multiple monitors beside the server racks she manages
  • Microsoft Entra ID
  • Okta
  • Ping Identity
  • OneLogin
  • Cisco Duo
  • JumpCloud
  • Google Cloud Identity
  • Imprivata
  • IBM Security Verify
Sign in with credentials you already use
Your team authenticates through the identity provider you already trust — no separate WestFax password to manage.
Provision & deprovision from your directory
As people join, move, or leave, their fax access follows your directory on every sync — powered by the Cloud Fax Toolkit.
Organize fax lines by security group
Map directory groups to the right fax lines and permission levels by team, site, and role — no per-user setup.
Works with any SAML 2.0 provider
Microsoft Entra ID, Okta, Google, OneLogin, Ping Identity, Duo, Imprivata, and other SAML 2.0 providers.

Single sign-on

Two ways to turn on SSO.

Single sign-on lets your team reach WestFax with the same credentials they already use — no separate fax password to remember. WestFax supports any SAML 2.0 provider, and you can enable it the way that fits your environment.

No toolkit required

Native SSO

SAML 2.0 configured directly with WestFax — nothing to install.

  • Authenticate through your existing identity provider
  • No separate WestFax password to manage
  • Works with any SAML 2.0 provider
  • Available on Team (add-on) and Enterprise plans
Get SSO for my account
For directory-driven teams

SSO via the Cloud Fax Toolkit

When you also want local Active Directory Sync — provisioning and fax-line permissions from your directory.

  • Everything in native SSO
  • Sync users & groups from local Active Directory
  • Fax-line access driven by security-group membership
  • Automatic onboarding & offboarding
See Active Directory Sync

Authentication is one job; provisioning is another. SSO decides how people sign in — Active Directory Sync decides who exists in WestFax and what they can reach. The two are configured separately and commonly paired.

Active Directory Sync · Cloud Fax Toolkit

Manage fax users through the directory you already maintain.

The Cloud Fax Toolkit keeps your WestFax users, groups, and fax-line access in step with Active Directory — so your directory stays the single source of truth, and fax access takes care of itself.

Two smiling healthcare team members reviewing user access on a tablet at a hospital workstation
  • User & group synchronization

    Provision WestFax users straight from your Active Directory security groups, so your directory stays the source of truth.

  • Department, location & role mapping

    Map directory groups to the right fax access by team, site, and permission level — no per-user setup.

  • Fax-line access

    Give the right people access to the right fax lines automatically, governed by directory group membership.

  • User onboarding & offboarding

    As employees join, move, or leave, their fax access follows your directory on every scheduled sync.

  • Directory-controlled permissions

    Permission levels are driven by group membership, with pre-sync validation and exempt-admin safeguards.

Enterprise · Cloud Fax Toolkit

Active Directory Sync is part of the Cloud Fax Toolkit

The Windows-based integration layer that connects EHRs, folders, and on-prem systems to WestFax is the same engine that keeps fax users, groups, and permissions aligned with your directory — and keeps email-to-fax allowed senders in step, too. What’s next: SCIM provisioning is coming soon.

  • Active Directory Sync
  • Allowed-Sender Sync
  • SAML Single Sign-On
  • SCIM (coming soon)
Explore the Cloud Fax Toolkit

Provider directory

Find your identity provider.

Find your platform to see how WestFax connects it for single sign-on and directory sync. Don’t see yours? Any SAML 2.0 provider works — just ask.

Don’t see your provider? Ask us

Search the identity providers WestFax connects with over SAML 2.0 SSO. Don’t see yours? Any SAML 2.0 provider works — ask us about yours.

Your path to go-live

Four steps.
We’re with you the whole way.

Turning on SSO starts with a conversation. Tell us your identity provider and requirements, and our team guides you from setup to launch — whether you go native or through the Cloud Fax Toolkit.

Talk to our team

Talk to our team

Tell us which identity provider you run and which plan you’re on. We confirm the right path together — native SAML 2.0 single sign-on or Active Directory Sync through the Cloud Fax Toolkit.

Map your setup together

We look at how your team signs in today and which fax lines and security groups matter, then design the configuration alongside your IT and identity admins — no guesswork before you approve it.

Configure & test

We set up SAML 2.0 — and Active Directory Sync if you need it — working alongside your team. Sign-in, fax-line access, and provisioning are all verified before anyone switches over.

Go live — with us alongside

You roll out on your timeline. We stay with you through launch and beyond, so single sign-on and directory sync keep working cleanly as your organization changes.

Get started

Turn on SSO with WestFax.

  • Already on WestFax? Tell us your identity provider and we’ll add single sign-on — and Active Directory Sync if you want it.
  • Evaluating cloud fax providers? If SSO is a requirement, WestFax meets it — on a HITRUST-certified, HIPAA-compliant network with a BAA available.
Team (add-on) Enterprise Not available on Solo

SSO is an add-on on Team plans and included on Enterprise. Talk to us about your plan →

Having trouble loading the form? Reach the team directly and we’ll map the right path to turn on SSO.

Talk to our team
A compliance officer and colleague reviewing secure records at a workstation

Security & Compliance

Compliant by Design

Controlling who can send and receive a fax is a security control. WestFax ties faxing to the identity your organization already governs — and holds the certifications to protect the data behind it.

HITRUST R2 Certified
HIPAA Compliant · BAA available
SOC 2 Type II Audited
PIPEDA Compliant
Also certified & compliant
  • PCI DSS
  • CJIS
  • GLBA
  • FERPA
  • TX‑RAMP

Single sign-on means there are no shared fax logins to manage — people sign in with the identity they already use. Documents travel over encrypted HTTPS to the WestFax cloud, with strict role-based access and complete audit trails.

Discuss security requirements

Multi-factor authentication

MFA on every account — included free.

Strong authentication shouldn’t be a premium feature. WestFax includes multi-factor authentication on every account, so a password alone is never enough to reach your faxes. Unlike single sign-on, MFA isn’t gated by plan — every account gets it, at no extra cost.

Solo Team Enterprise

Included free on every plan — no add-on required.

  • A second factor on every sign-in

    Beyond the password, each user confirms a second factor — so a stolen or guessed password alone can’t send or receive your faxes.

  • Included free on every plan

    Solo, Team, and Enterprise — MFA comes with every WestFax account at no extra cost. There’s no tier to upgrade to and no add-on to buy.

  • Part of a strong HIPAA posture

    Multi-factor authentication is a core safeguard for protecting access to PHI. It strengthens your HIPAA security posture for the sensitive documents that move through fax — on a HITRUST-certified, BAA-backed network.

FAQ

Frequently asked questions

They do two different jobs. Single sign-on controls how users authenticate — they sign in through your identity provider instead of a separate WestFax password. Active Directory Sync controls who exists in WestFax and what they can reach — provisioning users, fax-line access, and permission levels from your directory groups. They’re configured separately and are commonly paired.

No. SSO can be enabled natively — SAML 2.0 configured directly with WestFax, with nothing to install. You only need the Cloud Fax Toolkit when you also want local Active Directory Sync — provisioning, deprovisioning, and fax-line permissions driven by your directory groups.

Any SAML 2.0 provider. That includes Microsoft Entra ID (Azure AD), Microsoft on-premises Active Directory, Okta, Google, OneLogin, Imprivata, Ping Identity, Duo, JumpCloud, IBM, and others. If your provider speaks SAML 2.0, it works — search the directory above or ask us about yours.

SSO is available on Team plans as an add-on and is included on Enterprise. It is not available on Solo plans. Tell us your plan and we’ll confirm the right path.

Yes. If you’re on a Team or Enterprise plan, we can turn on single sign-on for your existing account. Tell us which identity provider you run and we’ll map the path — and add Active Directory Sync through the Cloud Fax Toolkit if you want directory-driven provisioning too.

Ready to turn on SSO?

Tell us your identity provider and requirements. We’ll map the right path — native SSO, Active Directory Sync, or both.

With Active Directory Sync, you map directory groups to the right fax-line access and permission levels by team, site, and role. Membership in a group is what grants access — so giving someone the right fax lines is as simple as adding them to the right group, with no per-user setup.

Their fax access follows your directory. As employees join, move between departments, or leave, Active Directory Sync keeps their WestFax access — and email-to-fax allowed-sender permissions — aligned on every scheduled sync, so onboarding and offboarding stay seamless.

SCIM provisioning is coming soon. Today, directory-driven provisioning is handled through Active Directory Sync in the Cloud Fax Toolkit. If SCIM is on your roadmap, tell us — we’ll share where it stands.

Yes. WestFax is HITRUST R2 certified, SOC 2 Type II audited, and fully HIPAA compliant. We sign a Business Associate Agreement as standard for healthcare customers — and single sign-on strengthens that posture by removing shared logins and attributing every fax to a real user.