Password Manager for Enterprise

Honest take: PassCryp is not a turnkey enterprise IAM platform today. We serve teams up to 50 seats well and we are building toward larger deployments. Here's what we ship now, what's on the roadmap, and when to pick us vs the alternatives.

Start your free vault Security model

Today: 5–50 seats

Shared vaults, audit logs, per-seat pricing, CLI access, zero-knowledge encryption. Manual invite + Argon2id master passwords.

Coming in 2026: SAML SSO

Federated login via your IdP (Okta, Azure AD, Google). Already in design; targeting Q2 2026 ship.

Coming in 2026: SCIM provisioning

Automated provisioning and deprovisioning via SCIM 2.0. Designed alongside SAML rollout.

Coming in 2026: SOC2 Type II

Control set is in place; formal audit scheduled for 2026. Bridge letters available on request before that.

When to choose 1Password instead

If you need SAML, SCIM, or SOC2 today, buy 1Password Business or Bitwarden Enterprise. We'll happily export your data when we catch up.

What enterprise features actually mean

SAML SSO: members sign in with your corporate identity provider (Okta, Azure AD, Google Workspace). No separate password to manage. Required for most security-conscious organizations above ~50 employees.

SCIM provisioning: when HR adds a new hire to the directory, the password manager automatically creates an account and assigns default vaults. When HR offboards, the manager automatically deprovisions. Removes the manual step that gets skipped during fast offboards.

SOC2 Type II: independent auditor verifies that your control set actually operates as documented for a sustained period (typically 6–12 months). The compliance signal most enterprise buyers require.

What we already do well at any scale

Encryption. Argon2id at OWASP parameters, AES-256-GCM with fresh nonces, zero-knowledge architecture. The crypto layer is the same regardless of seat count.

Audit logging. Every action writes a row with actor, IP, timestamp, and item ID. Logs export to CSV or JSON; SIEM integration via webhook is straightforward.

Multi-vault organization. Group credentials by team, project, or environment. Members see only assigned vaults. Per-vault keys mean revoking a member rotates only the vaults they touched.

Migration path: enterprise → PassCryp later

Today, if you're a large enterprise, the right move is 1Password Business or Bitwarden Enterprise. Both ship SAML, SCIM, and SOC2 today and serve the use case well.

When PassCryp ships its enterprise tier in 2026, we'll provide a migration tool that imports an encrypted export from 1Password (1pux) or Bitwarden (encrypted JSON) and preserves shared-vault structure. Until then, stay where you are; we don't believe in selling vaporware.

Frequently asked questions

Can I deploy PassCryp for 500 employees today?

Technically yes, practically not yet. You'd be manually managing invites and master passwords without SSO. Wait for the 2026 enterprise tier or use 1Password / Bitwarden in the meantime.

When is SAML SSO shipping?

Target Q2 2026. Beta access list is open — email us to join.

Do you offer a SOC2 bridge letter?

Yes, on request. The full SOC2 Type II audit is targeted for late 2026.

What about HIPAA, FedRAMP, ISO 27001?

HIPAA: BAAs available for Pro customers on request. FedRAMP and ISO 27001: not on the roadmap; pick a different vendor if these are required.

Where is data hosted?

EU and US regions on Supabase-managed Postgres with per-row Row-Level Security. EU data residency available on Pro.

Can we self-host?

Not today. Self-hosting is on the consideration list for 2027.

Ready to take control of your secrets?

Start a free zero-knowledge vault in under 60 seconds.

Start your free vault