Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Authentication Settings

            Modified on Thu, 18 Dec at 1:07 PM

            Authentication Settings


            This guide explains how to configure authentication settings for a company. These settings control how users can log in to the system and what security measures are enforced.


            Overview

            The Authentication Settings page allows companies to:

            • Choose which login methods users can use.
            • Control whether private email addresses can be used for login.
            • Require multi-factor authentication (MFA) for all users.


            Access: 

            • The Authentication Settings page is located at Settings → Authentication Settings 
            • You need to be an Owner in system to be able to access this page.


            1. Allowed Login Methods

            This section lets companies choose which authentication methods users can use to log in to the system.


            Available Login Methods

            Companies can enable one or more of the following login methods:

            • Email & Password - Users log in with their email address and password
            • Google - Users can sign in using their Google account
            • SAML Single Sign-On (SSO) - Users authenticate through the company's SSO provider



            image-20251210-155655.png


            How It Works

            1. Selecting Login Methods:
              • Check the boxes next to the login methods to allow.
              • Multiple methods can be selected at once.
              • At least one login method must be enabled, or users won't be able to log in
            2. SAML SSO:
              • The SAML checkbox is always disabled (read-only) - it serves as a visual indicator of SSO status
              • SSO can be configured at Settings → SAML Single sign-on. For detailed SAML SSO configuration instructions, see: SAML Single sign-on | AlexisHR | Help and Questions 
              • The checkbox will only appear checked when: Both SAML SSO is configured and related IDP Domain is also configured & varified.
              • If SAML SSO is not configured, the SAML checkbox will appear unchecked (but still disabled) with a visual warning message. e,g:
                • Additional configuration required to enable this.
                • SAML SSO is configured but requires domain verification.
                  image-20251210-155141.png



            3. Standard Login Methods:
              • Email & Password and Google login methods can always be enabled or disabled
              • When SAML/SSO is enabled and configured,  other login methods (e.g:  Email & Password and Google) can still enable or disable. This allows to offer multiple login options to the users.

            Important Notes

            • Warning: If all login methods are disabled (including SAML when it's not configured), a warning message will appear before saving. This will prevent all users from logging in.

              image-20251210-155251.png

            • Saving Changes: After making selections, click the "Save Changes" button at the bottom of the page.
            • Changes Take Effect Immediately: Once saved, the new login methods will be available to users immediately.

            Common Questions

            Q: Why is the SAML checkbox unchecked?
            A: The SAML checkbox will only appear checked when SSO is fully configured. SAML SSO needs to be configured first at Settings → SAML Single sign-on. For instruction to configure the SAML SSO: SAML Single sign-on | AlexisHR | Help and Questions


            Q: Can we use both SSO and regular email/password login?
            A: Yes! When SSO is configured, other login methods e.g: Email & Password, Google can still be enabled to offer multiple login options.


            Q: Why can't I uncheck the SAML checkbox?
            A: The SAML checkbox is read-only and serves as an indicator of the SSO configuration status. It cannot be manually checked or unchecked - it automatically reflects whether SSO is properly configured or not.


            2. Disable Private Email Login

            This feature allows to restrict login to work email addresses only.


            What It Does

            When enabled, this setting prevents users from logging in with private email addresses that are set in the system and users wil only be able to login using their work emails set in the syste. 

            Please note when enabled, users with no work email set in their profiles will not be able to log in.


            When to Use It

            Enable this setting to:

            • Ensure all users log in with their company’s work email addresses.
            • Improve security by restricting access to company-managed accounts.
            • Maintain better control over user accounts.


            How to Enable/Disable

            1. Toggle the switch next to "Disable Private Email Login"
            2. Click "Save Changes" to apply.


            3. Require Multi-Factor Authentication (MFA)

            This feature enforces multi-factor authentication for all users in the company.


            What Is MFA?

            Multi-factor authentication adds an extra layer of security by requiring users to verify their identity using a second method (such as a code sent to their phone) in addition to their password.


            What It Does

            When enabled, this setting:

            • Enforces MFA for every login attempt.
            • Applies to all users in the company automatically.


            Important Prerequisites

            Before enabling MFA, must ensure that ALL users have a valid work phone number configured in their profiles.

            • If any user is missing a work phone number, they will not be able to log in once MFA is enabled.
            • MFA verification codes are sent to the user's work phone number.
            • Users without a valid work phone number will be locked out of the system.

            Action Required: Before enabling MFA:

            1. Verify that all users have valid work phone numbers in their employee profiles
            2. Update any missing or invalid work phone numbers
            3. Only enable MFA after confirming all users have valid work phone numbers


            When to Use It

            Enable this setting to:

            • Enhance security for the company's data
            • Meet compliance requirements
            • Protect against unauthorized access


            How to Enable/Disable

            1. Toggle the switch next to "Require Multi-Factor Authentication"
            2. Read the description to understand the implications
            3. Click "Save Changes" to apply


            Saving Changes

            1. After making any changes to the authentication settings, a "Save Changes" button will appear at the bottom of the page
            2. The button will be disabled if:
              • No changes have been made, or
              • The system is currently saving the changes
            3. Click "Save Changes" to apply the settings


            Important Warnings

            • No Login Methods: If saving without any enabled login methods, a warning message will appear. This will prevent all users from logging in, so ensure at least one method is enabled.


            Troubleshooting


            SAML checkbox is unchecked

            Possible Causes:

            1. SSO is not configured for the company
            2. SSO configuration is incomplete or incorrect

            Solution:

            1. Go to Settings → SAML Single sign-on to configure SSO
            2. Refer to the SAML SSO Configuration Guide for detailed instructions
            3. Once SSO is properly configured, the SAML checkbox will appear checked


            Users cannot log in

            Check:

            1. At least one login method is enabled
            2. The login method the user is trying to use is enabled
            3. If using SAML/SSO, ensure it's properly configured
            4. If MFA is enabled, users must have valid work phone numbers and complete the MFA setup

            Solution: Check the authentication settings and ensure at least one login method is enabled and properly configured. If MFA is enabled, verify all users have valid work phone numbers.


            Changes aren't saving

            Check:

            1. Verify a setting has actually been changed (the Save button will be disabled if there are no changes)
            2. Check for network/connection issues
            3. Verify the user has Owner role permissions


            Solution: Refresh the page and try again. If the issue persists, contact support.


            Related Documentation

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0