As enterprises increasingly adopt hybrid and private cloud deployment strategies, SaaS companies are providing on-premises versions of their applications with essential enterprise features like SSO, MFA, user provisioning, and audit trails. Descope offers a flexible identity platform that functions effectively both in the cloud and within customer-hosted environments, facilitating its integration into on-premises or hybrid setups. Key deployment considerations include isolating credentials, ensuring connectivity with Descope APIs, supporting secure redirects, and integrating with customer-managed identity providers. To enable secure communication in these environments, two primary strategies are suggested: configuring firewall rules or using reverse proxy tunnels such as ngrok or Cloudflare Tunnel. These strategies are aimed at maintaining secure HTTPS communication, supporting webhooks and redirects, and ensuring compliance with internal IT policies, even in air-gapped environments. Descope's platform supports both tenant-specific and project-wide SSO connections, making it suitable for multi-tenant SaaS platforms, and provides a guided configuration flow for connecting with common on-premises identity providers.