This page provides a step-by-step guide to set up Single Sign-On (SSO) for Lansweeper Cloud, emphasizing its benefits, compatibility with various identity providers, and the option to combine it with multi-factor authentication.
There are two main ways to log into Cloud: using a login/password created in Cloud itself or using SSO.
Where possible, using single sign-on (SSO) is recommended, as it has a number of benefits. SSO allows you to centrally manage accounts in a third-party system you're already using. This simplifies management tasks, eliminates the need for each user to have multiple login/password combinations and allows you to enforce your own security policies, among other things. For more information about how to improve security, check out 5 Features of Lansweeper Cloud that Strengthen Security.
Cloud supports both OpenID Connect (OIDC) and SAML for setting up SSO. Any identity provider (IdP) that supports at least one of these options is a suitable candidate for use with Cloud. Azure Active Directory, Google and Okta are just a few examples of identity providers that you can log into Cloud with. SSO can be set up quickly and easily, as explained in the below steps.
email_verifiedattribute to Cloud.
Once you've set up your SSO connection new and existing Cloud users in your domain should be able to log into Cloud by selecting Log in with Single Sign-On. They will be asked for their email address prior to starting the SSO login process.
You can combine SSO either with Cloud-configured MFA (Multi-Factor Authentication) or the MFA of your IdP. That way, you can add an extra layer of security to the login process. If you already have MFA set up or enforced in your IdP, it will automatically be part of the Cloud SSO login process for your domain users.
You can optionally enforce the use of SSO by all users in your site.
If a user subsequently tries to log into your site with a Cloud-created login/password, they will be denied site access. Site owners will still be able to log in using the Cloud-created login/password in case of issues with your domain's SSO setup.
Optionally, you can add managers to your SSO connection for redundancy and security purposes. This means you are not dependent on a single person to manage the SSO connection.
Was this post helpful? Select Yes or No below!
Did you have a similar issue and a different solution? Or did you not find the information you needed? Create a post in our Community Forum for your fellow IT Heroes!
More questions? Browse our Quick Tech Solutions.