New Platform Users with SSO & MFA Opt-Out
- Space Sync for Confluence
This article describes the steps necessary for new users to successfully register and access Platform tenants which have the following setup:
SSO is enabled on the Platform
The Platform’s MFA has been disabled (“MFA Opt-Out”), in favour of using an alternative MFA mechanism such as the SSO Provider’s MFA mechanism.
It is a prerequisite that any user accessing the Platform must have a password and MFA set before allowing access.
Should a tenant already have SSO enabled, and a new user is invited to register and access the Platform, the new user must fully register with the Platform first. Full user registration is when:
the user has chosen and set their password
the user has setup an MFA account with the Platform.
The above conditions must be met for the Platform to allow the user to have any access; regardless of whether SSO has also been integrated with the Platform
Initial Setup
Assuming a Platform tenant is correctly functioning with a supported SSO provider; and the tenant has implemented the “MFA Opt-Out”, follow these steps for adding subsequent users to the tenant:
Create the user(s) in the Platform - Add & Manage User Accounts
Once the Platform invitation email has been received, the user should open the link in the email and set their password in the “Register Password” page.
The user will then be redirected to the main login page where they must enter the username/email and their password. To setup MFA registration the user must use the “Login” button to start the MFA registration process:
In the next screen, the user can proceed to setup their MFA account, as detailed in this article: Setup Two-Factor Authentication
Once the MFA has been setup, the user can log out of the Platform
Subsequent logins to the Platform can use the “Sign in with SSO” button after the user has entered their email address:
|
|
|---|