Authentication & SSO

The Authentication & SSO section enables administrators to define how users log in to the platform, manage single sign-on configurations, and enforce password security policies. To access it, go to Account > Settings > Auth from the top navigation menu.

1. Different Authentication methods

Softyflow supports a variety of authentication strategies to meet your security needs:

Google Authenticator (2FA)

Adds a second layer of authentication using time-based one-time codes generated by the Google Authenticator mobile app. After entering their password, users must enter a code from the app to access the platform.

Microsoft Authenticator (2FA)

Functions similarly to Google Authenticator, providing one-time codes via the Microsoft Authenticator mobile app. This enhances protection against password theft.

QR Code Auth

Allows users to scan a unique QR code with an authentication app to complete their login. This method is typically used for account linking or seamless access flows.

SSO with SAML

Softyflow supports SAML 2.0-based Single Sign-On (SSO), allowing users to log in through your organization's identity provider.

To configure SAML:

  • Identity Provider Entry: Your company’s authentication endpoint.
  • Issuer: Unique identifier of your SAML configuration.
  • Logout Redirect: URL where users are redirected post-logout.
  • NameID Format: Defines user identifiers (e.g., email address or persistent ID).
  • Enable Encryption: Optional setting to encrypt assertions and metadata.
  • Certificate: Required to verify identity and secure the data exchange.
  • Parameters: Additional values such as RelayState, ACS URL, and RequestedAuthnContext for advanced configuration.

OpenID Connect (OIDC)

In addition to SAML, Softyflow supports OpenID Connect for modern SSO needs using OAuth 2.0 and JWT-based identity tokens. It is well suited to integration with providers like Google, Azure, Okta, and others.

2. Password Management

Enforce strong access controls with customizable password policies:

First Login Reset

Force users to reset their password during their first login session. This enhances account protection after admin-initiated creation.

Enable Forgot Password

Activate this feature to allow users to request a reset link via email if they forget their password.

Password Expiration

Require users to update their password periodically. You can set the number of days before a password expires.

Custom Password Settings

Use regular expressions to enforce password complexity rules (e.g. minimum length, inclusion of numbers/symbols). For example:

  • Regex: ^(?=.*[A-Z])(?=.*\d)[A-Za-z\d]{8,}$
  • Message: "Password must be at least 8 characters, include an uppercase letter and a number."
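
A dry run for a rule like the one above, as an added example (not Softyflow code): it checks the pattern, written with `.*` inside each lookahead, against constructed passwords and reports where the regex and the user-facing message disagree. It assumes the platform evaluates the pattern the way JavaScript's RegExp does; `auditPolicy`, `TYPO_POLICY` and the sample passwords are hypothetical names and values made up for the illustration.

```javascript
// Added example: dry-run a password-policy regex before saving it.
// Assumption: the platform evaluates the pattern like JavaScript's RegExp.

// Rule from the page, plus a constructed typo variant with the `*` missing.
const POLICY = {
  regex: "^(?=.*[A-Z])(?=.*\\d)[A-Za-z\\d]{8,}$",
  message: "Password must be at least 8 characters, include an uppercase letter and a number.",
};
const TYPO_POLICY = { ...POLICY, regex: "^(?=.[A-Z])(?=.\\d)[A-Za-z\\d]{8,}$" };

// Constructed passwords; `expect` is what the user-facing message promises.
const CASES = [
  { pw: "Passw0rdX", expect: true },
  { pw: "PASSW0RD", expect: true },   // message does not ask for lowercase
  { pw: "Passw0rd!", expect: true },  // message does not forbid symbols
  { pw: "passw0rdx", expect: false }, // no uppercase letter
  { pw: "PasswordX", expect: false }, // no digit
  { pw: "Pw0rd", expect: false },     // shorter than 8
];

// Returns which cases disagree with the message and whether the pattern
// is unusable (does not compile, or rejects every password meant to pass).
function auditPolicy(policy, cases) {
  let re;
  try {
    re = new RegExp(policy.regex);
  } catch (err) {
    return { compiles: false, rejectsAll: true, mismatches: [], error: err.message };
  }
  const results = cases.map((c) => ({ ...c, actual: re.test(c.pw) }));
  const shouldPass = results.filter((r) => r.expect);
  return {
    compiles: true,
    rejectsAll: shouldPass.length > 0 && shouldPass.every((r) => !r.actual),
    mismatches: results.filter((r) => r.actual !== r.expect).map((r) => r.pw),
  };
}

const report = auditPolicy(POLICY, CASES);
console.log("page rule mismatches:", report.mismatches);
console.log("typo rule rejects all:", auditPolicy(TYPO_POLICY, CASES).rejectsAll);
```

The one mismatch for the page's rule is `Passw0rd!`: the character class `[A-Za-z\d]` rejects any symbol, which the message does not tell the user. The typo variant can never match, so a rule saved that way would block every password change.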

By combining authentication methods, SSO protocols, and password policies, you can secure access to your platform while adapting to your internal IT practices.