Configure SSO-only mode

You can prevent users from signing in with their Alida platform username and password credentials, and ensure that they must use single sign-on (SSO) for authentication.

Prerequisites:

Add and verify a domain

Users added to the Alida platform prior to SSO being set up for your community can sign in either using the username and password for the Alida platform, or by using their SSO credentials. You can configure SSO-only mode to prevent users from using their Alida username and password to sign in.

The following configuration options are supported for SSO-only mode:

  • Enable the Community Level toggle to specify that only users that belong to a verified domain can be added to the community. If example.com is the only verified domain, all new users must be members of this domain.
  • Select one or more of the verified domains listed under Domain Level, to specify that users belonging to any of these domains must use SSO to sign in. They cannot use their Alida platform username and password.
  • Configure both of these options to specify that new users can only be added if they belong to a verified domain, and that they must use SSO to sign in regardless of the community they are signing in to.
  1. Sign in to the Alida platform and switch to the desired community.
  2. Select Product Settings > SSO.
  3. Click the SSO-Only Mode tab.
  4. Contact support if you want to turn the Community Level toggle on or off.
    This toggle controls whether Admins can add new users to the community if they belong to untrusted domains. When the toggle is turned on, new users must belong to a domain that has been added and verified for the community.
  5. To specify that users belonging to specific verified domains are restricted to only using SSO to sign in:
    1. Select the checkbox next to each domain where you want to require that users belonging to the domain must sign in using SSO.
    2. Click Apply.
      This setting applies across the Alida platform if you have multiple application instances configured. For example, if you have multiple Community instances for distinct brands that operate under your organization. Users that belong to the selected domains must use SSO to sign in, and are prevented from using their username and password for the Alida platform to sign in.