We offer several login methods to help your users access our platform. This article will help you choose the best one for your needs.
Keep in mind that you can combine multiple login methods within your organization to cater to diverse use cases. If you are unsure which methods are best for your organization, reach out to your Customer Success Partner (CSP).
Log in with an email address and a password (standard)
This is the most common and traditional authentication method. Users log in by entering their unique email address and a corresponding password directly into our platform's login page.
- Ideal for: Users who have a dedicated, individual corporate email address.
- How it works: Users log in with their unique email address and password. Platform admins can activate password restrictions to enforce specific complexity and history requirements for user passwords.
-
Benefits:
- Full access to all platform features.
- Enables personalized email notifications.
- Supports self-service password resets initiated via email.
- Considerations: Requires each user to have a unique, active, and accessible email inbox.
- Activation: This login method is enabled by default.
Log in without a password
This method simplifies the login by removing the need for a password. Users can authenticate by requesting a login link via email.
- Ideal for: Users with an email address who prefer a passwordless login experience.
- How it works: Users enter their email address on the login page, then receive and click a single-use login link sent to their inbox.
-
Benefits:
- No passwords to remember or type.
- Quick login across all assigned platforms from one email.
- Considerations: Requires each user to have a unique, active, and accessible email inbox.
- Activation: By default, this login method is not enabled. Detailed steps are available in the Log in without a password article.
Log in with SSO (Single Sign-On)
SSO enables users to log in to our platform by authenticating through an external organizational identity provider (IdP), such as OpenID, Okta, and Azure AD.
- Ideal for: Organizations that utilize a central Identity Provider (IdP) for unified user authentication and management across multiple applications.
- How it works: Instead of entering credentials directly into our platform, users are redirected to their company's familiar login portal or automatically authenticated if already logged into their company's network. The IdP then securely confirms the user's identity to our platform. When configuring SSO, you can choose between forced and mixed SSO to dictate user login behavior.
-
Benefits:
- Centralized control over authentication and user access.
- Users have fewer passwords to remember across various applications.
- Considerations: Requires initial configuration between your Identity Provider and our platform.
- Activation: By default, this login method is not enabled. Detailed configuration steps are available in the following articles:
Log in with an email alias and a password
This method allows multiple users to log in with unique "email-like" identifiers that all route to a single, designated primary email inbox.
- Ideal for: Groups of users who don’t have individual corporate email addresses.
-
How it works: Users enter their specific email alias (e.g.,
supermarket.paris16#managername@domain.com) and a password directly into our platform's login page. -
Benefits:
- Provides unique login identifiers for numerous users without requiring separate, individual email inboxes for each.
- Access to all platform features, except email notifications.
-
Limitations:
- Individual users using aliases will not receive personalized email notifications directly from the platform. All notifications are sent to the designated primary email address for the aliases.
- Some users may sometimes find it challenging to remember their specific alias (e.g., complex alias formats can be harder to recall than a simple username).
- In some cases, high volumes of emails sent to the primary email address collecting many aliases might occasionally be flagged as spam by email providers.
- Activation: This login method is enabled by default.
Log in with a username and a password (MVP)
This method allows users to authenticate using a unique username instead of an email address.
-
Ideal for: Users without a unique and stable email address (e.g., frontline or seasonal workers) and organizations facing specific challenges where email aliases are not ideal, such as:
- Frequent email changes.
- Desire to align with existing internal usernames.
- Concerns about users forgetting aliases.
- How it works: Users log in directly using a unique username and a password, without requiring an email address.
-
Benefits:
- Provides a direct and simplified login experience for non-email users.
-
Important limitations: This is a Minimum Viable Product (MVP) with limited administrative capabilities compared to other login methods. We are continuously working to enhance this feature, but it's crucial to understand its current state before activation.
- Advanced administrative tasks like mass management of managers/managees, mass user deletion, or searching for users by username in all parts of the platform are not yet available.
- A user who forgets their password needs to contact an administrator outside the platform for a manual password reset.
- Usernames are not yet fully visible in custom reports and dashboards.
- Users cannot create their accounts using only a username through self-registration links.
- Each username must be unique across all our platforms, not just within your organization’s instance.
- For Single Sign-On (SSO), usernames are only compatible with SAML. They don't work with OIDC or JWT.
- Users created with only a username and a password will not receive any email notifications from the platform.
- Activation: By default, this login method is not enabled. Detailed configuration steps are available in the Enable login with a username article.