You can define the authentication means that allows members to log in to your workspace. To do so, access the Administration space, then the Authentication section.
Choose among the following options:
- Access code: Members can log in using an OTP (One-Time Password) received by email - This option cannot be disabled.
- Password: Members can define a password and use it to log in.
- Single Sign-on (SSO): Authentication via an identity supplier compatible with SAML 2.0 protocol.
Note that SSO and password cannot be enabled together.
Use case: Single Sign-On with Okta
This section describes a Single Sign-On integration process with the identity and access management solution Okta.
Step 1: Create App integration
From the Okta members dashboard, go to Applications and click Create App Integration.
Step 2: Create SAML integration
Now you need to configure the SAML settings of your application.
Step 3: Assign users
From the Assignments section, add all workspace members who will be able to authenticate via SSO and assign them to their corresponding groups.
Step 4: Configure workspace SSO parameters
1. From the Sign On section of your Okta application, go to SAML Signing Certificates and download the metadata file (xml format) to be added to your workspace SSO configuration.
2. From the authentication section of your workspace, activate the Single Sign-On feature and import the metadata file downloaded.
Note that if you choose the manual option, you need to download and import the identity provider certificate provided by Okta and fill the SSO parameters manually.
3. Access the identity provider’s response from your Okta application dashboard and retrieve the name attributes containing the user’s email, name and group.
4. From the SSO settings panel, define the name attributes containing the user’s email, name and group in the identity provider’s response.
Note that the email attribute is necessary to identify the user. Besides, both name and group attributes are necessary for automatic member creation.
Step 5: Manage automatic member creation
Once your Single Sign-On configuration is set, new members who log in via unique authentication can be automatically added to the workspace.
If the automatic member creation feature is activated, you need to define:
- the default role to be attributed to the new member,
- workspace groups and their corresponding roles.
