
Sign-On Policy

Use the Sign-On Policy page to control how users log in to your Aembit tenant. The settings on this page let you customize the login experience and security level according to your organization's needs. The Sign-On Policy page offers two key options to enhance security and streamline the authentication process:

Require Single Sign-On (SSO)

  • Prerequisites: This option is available only to tenants that have the Identity Providers feature enabled.

  • Description: This option mandates that users authenticate through a Single Sign-On provider. This not only simplifies the login process but also enhances security by centralizing authentication management.

    Note

    When you turn on the Require SSO option, users with the system Super Admin role can always use the native sign-in option (username and password).

Require multi-factor authentication (MFA) for native sign-in

  • Description: This option enforces the use of multi-factor authentication for users logging in directly through Aembit's native sign-in method. When enabled, users must provide an MFA code, as well as their password. This markedly increases security by adding an extra layer of protection against unauthorized access.

    Aembit gives users a 24-hour grace period once you require them to authenticate with MFA. The grace period resets for any user who updates their account (for example, through a password reset or account unlocking activity). After this period, accounts without configured MFA are locked.

Required permissions

Access to policy settings on this page is controlled by the Sign-On Policy permission.