Platform admins can configure authentication in Forced SSO mode or Mixed SSO mode, and switch between the two modes at any time, regardless of the identity provider and protocol used (JWT or SAML).
Forced SSO
Users can sign in to the platform only with the login and password of your identity provider. They cannot reset their password from the platform.
We suggest using this method if:
-
You want full control over user passwords.
-
You want to manage access directly from your identity provider’s dashboard.
-
You don’t need to provision users in a subgroup only.
Note that the Forced SSO mode can only be used on the platform group. Thus, if user provisioning is enabled, users will be provisioned into the platform group. It is not possible to use Forced SSO on the platform group while provisioning users into a subgroup.
If admins use the Invite by email option, and user provisioning is activated, the invited user will bypass the account creation form and will be asked to connect to their Identity Provider, and then redirected to 360Learning.
Mixed SSO
Users can sign in either:
- With the credentials from your identity provider (SSO), or
- With a 360Learning login and password.
They can also reset their password from the platform.
We suggest using this method if:
- Some users are not in your identity provider’s directory.
- You want to offer login flexibility.
If admins use the Invite by email option, and user provisioning is activated, the invited user will be able to define a password for 360Learning and log in using their email and that password, or via SSO through their Identity Provider. Note that if they enter a different first name or last name during signup, it will be overwritten by values from the identity provider, if the email matches.