For Enterprise

Multi-country groups. One operating layer.

Q: Where is data hosted? What about residency?

Data is hosted in regional clouds aligned to local data residency rules: India-resident data on Indian regions (per DPDP), EU on EU regions (per GDPR), UAE on regional regions, etc. Each tenant is isolated. Cross-border transfers are explicit and logged. Encryption at rest and in transit, key management via KMS with optional customer-managed keys on Scale tier.

Q: How do you handle SOC 2 / ISO 27001 evidence?

SOC 2 Type II report (audited annually by a Big-Four firm) and ISO 27001 certificate available under NDA via the Trust portal. Penetration test summaries, architecture overviews and SDLC documentation provided as part of the InfoSec review. Customer-specific security questionnaires (CAIQ, SIG) supported.

Q: What is the SLA?

Scale tier includes 99.95% platform uptime, 24x7 incident response with severity-based response times (Sev 1: 30 min response, 4-hour resolution target). Maintenance windows pre-announced. Status page at status.onefinops.com. Service credits per the MSA on SLA breach.

Q: How does identity federation work?

SAML 2.0 SSO with Okta, Azure AD, Google Workspace, OneLogin and any compliant IdP. SCIM 2.0 for user provisioning, de-provisioning and group sync. JIT user creation. Multi-IdP federation supported (different subsidiaries on different IdPs).

Q: Can we self-host or use a private cloud?

Single-tenant private cloud deployments are supported on Scale tier for groups with strict data sovereignty requirements (defence, BFSI, government). On-premise deployments are case-by-case via the enterprise architecture team.

Q: What does pricing look like?

Custom MSA, scoped to your entities, countries, modules, integrations and SLA. Multi-year commitments unlock dedicated infrastructure, named team and custom roadmap. Talk to sales for a quote.

Q: How do you handle audit, IFC and SOX-style requirements?

Per-line-item, per-edit audit trail with source documents linked. Period locks with approval-gated reopens. Segregation of duties enforced via role-scoped permissions. ICFR-aligned controls documented per workflow. Customer auditors get a scoped, time-bound view.

Multi-entity consolidation, SAML SSO, SCIM, audit log exports, custom reports, 24x7 SLA and a named CSM. Built for groups running across countries and operating units.

Talk to sales Book a demo

Audit trail with every journal entry time-stamped

Multi-entity consolidation with group controls

What enterprise needs

The capabilities that gate the procurement form.

At enterprise scale, every line on the security review and procurement form is non-negotiable. We have signed off on hundreds.

Multi-entity consolidation

Each entity owns its books, currency and tax engine. Group view consolidates with FX translation, intercompany elimination and minority interest.

Multi-country tax surface

India (GST/TDS), UAE (VAT/CT), Singapore (GST), US (sales tax/1099), UK (VAT/MTD), EU (VAT/OSS). Each country owns its own engine.

SAML SSO and SCIM

Identity federation with Okta, Azure AD, Google Workspace, OneLogin. SCIM for user provisioning and de-provisioning.

Audit log exports

Every action logged. Streamed to your SIEM (Splunk, Datadog, Sumo Logic). Retention configurable per regulation.

Custom reports & API

Drag-and-drop report builder, REST + GraphQL APIs, Snowflake/BigQuery sinks, scheduled email/Slack delivery.

Named CSM and 24x7 SLA

A dedicated customer success manager, a solution engineer for new rollouts, 24x7 incident response with severity SLAs.

Coexistence with NetSuite and SAP

The operating layer for subsidiaries.

Many groups run NetSuite or SAP at the parent for group consolidation and reporting. OneFinOps sits in operating subsidiaries as the AR, AP, procurement, compliance and reports layer. Bidirectional integration keeps the parent in sync; local subsidiaries get a faster, cheaper, country-aware platform.

Bidirectional NetSuite, SAP, Oracle Fusion integrations
Subsidiaries adopt OneFinOps without disrupting consolidation
Per-subsidiary local statutory compliance handled in-platform
Group-level rollup feeds the parent ERP via scheduled sync

See integrations

Group ERP coexistence diagram with a black parent ERP card at the top labelled NetSuite, SAP and Oracle Fusion, three subsidiary cards below for India, Singapore and UAE running OneFinOps, bidirectional sync labels on each branch, and a sync-cadence side card showing AR/AP hourly, GL nightly and consolidation monthly.

Implementation at enterprise scale

A solution engineer, not a salesperson.

Enterprise rollouts get a dedicated solution engineer alongside the implementation lead. Custom workflows, integrations to non-standard systems, data migration from legacy ERPs, change management for the finance org. The 30-day go-live runbook is tuned per group.

Dedicated solution engineer and implementation lead
Custom integration build (one included per year on Scale tier)
Phased rollout across subsidiaries with risk gating
Change management for the finance team and partners

Talk to sales

Enterprise rollout swimlane with a top header showing the dedicated four-person team and three subsidiary swimlanes below: India already live, Singapore mid-UAT, UAE in build. Connected by risk-gate diamonds between phases and bisected by a today line at day 19 of 90.

What enterprise teams see

At scale, by the numbers.

Unlimited

Entities and countries

24x7

Incident response SLA

99.95%

Platform uptime, 12-month rolling

< 30 days

Median full-group go-live

Enterprise FAQ

What procurement and InfoSec ask before they sign.

Where is data hosted? What about residency?

Data is hosted in regional clouds aligned to local data residency rules: India-resident data on Indian regions (per DPDP), EU on EU regions (per GDPR), UAE on regional regions, etc. Each tenant is isolated. Cross-border transfers are explicit and logged. Encryption at rest and in transit, key management via KMS with optional customer-managed keys on Scale tier.

How do you handle SOC 2 / ISO 27001 evidence?

SOC 2 Type II report (audited annually by a Big-Four firm) and ISO 27001 certificate available under NDA via the Trust portal. Penetration test summaries, architecture overviews and SDLC documentation provided as part of the InfoSec review. Customer-specific security questionnaires (CAIQ, SIG) supported.

What is the SLA?

Scale tier includes 99.95% platform uptime, 24x7 incident response with severity-based response times (Sev 1: 30 min response, 4-hour resolution target). Maintenance windows pre-announced. Status page at status.onefinops.com. Service credits per the MSA on SLA breach.

How does identity federation work?

SAML 2.0 SSO with Okta, Azure AD, Google Workspace, OneLogin and any compliant IdP. SCIM 2.0 for user provisioning, de-provisioning and group sync. JIT user creation. Multi-IdP federation supported (different subsidiaries on different IdPs).

Can we self-host or use a private cloud?

Single-tenant private cloud deployments are supported on Scale tier for groups with strict data sovereignty requirements (defence, BFSI, government). On-premise deployments are case-by-case via the enterprise architecture team.

What does pricing look like?

Custom MSA, scoped to your entities, countries, modules, integrations and SLA. Multi-year commitments unlock dedicated infrastructure, named team and custom roadmap. Talk to sales for a quote.

How do you handle audit, IFC and SOX-style requirements?

Per-line-item, per-edit audit trail with source documents linked. Period locks with approval-gated reopens. Segregation of duties enforced via role-scoped permissions. ICFR-aligned controls documented per workflow. Customer auditors get a scoped, time-bound view.

Talk to enterprise sales.

A scoping call with our solution engineer, a security review pack on day two, an MSA on day five. We move at procurement speed, not sales speed.

Talk to sales Book a demo