Authentication is the gate that determines who can log in to a digital workplace.
Authentication is the process that controls and manages how users log in to a digital workplace (hub or spoke site). We provide three different methods of authentication Igloo Auth, LDAP Auth, and SSO. The choice of which method to use is often determined by what is already in use by your organization.
A workplace's authentication method is configured from the Enterprise Administration Panel, or from a workplace's Sign-in Settings page. If you are using an SSO identity provider (IdP), additional configuration needs to be done from within the IdP. These steps are outlined in our SSO setup guides:
Playbook Tip: Manage user membership from a single source Some authentication methods (SSO) allow you to add users to a workplace if they are able to authenticate. We recommend not using this option when you are also managing membership with ILST. It is best to have only a single source of truth when it comes to member management.
Did you know?
The same authentication method (or IdP) does not need to be used for each site in the networked enterprise. For example, you may have some sites authenticating with Microsoft ADFS, while a recent acquisition may be using Microsoft Azure to manage their site authentication.
Once logged into their home spoke, users can navigate to other spokes and hubs that they are members of without needing to log in again.
Successfully authenticating to a workplace does not guarantee a user can see all the content in the workplace. The visibility of content is determined by Access Rules.
Networked Enterprise Tip: Identify authentication methods and permissions for both the central hub and individual spoke sites
If the central hub of your networked enterprise is going to be used for sharing content or collaborating across spokes, it’s crucial to identify and set up your authentication requirements and permissions before launch. Think about:
Will there be a common Active Directory (AD) for both the central hub and spoke sites or will there be a unique AD for each spoke?
Are there any spokes and/or key areas that have security or confidentiality requirements and therefore should have strict permissions?
Which groups will need permissions to access which spoke sites?