Once you invite Users into a Workspace, they can sign in using their preferred method:
Email and password (the password is set during the first sign in)
SAML SSO provider account
Enabling and disabling authentication methods
If this variety is too much for your security standards, feel free to disable some of the methods:
Workspace Settingsin the top left menu.
Switch toggles on/off to configure allowed authentication methods.
When you limit the ways to sign in, the Workspace login page changes accordingly. Compare all default methods allowed vs. Google only:
Signing in from the global login page
The Workspace settings don't affect the global login page though: it always sticks to the default methods and doesn't include SAML SSO.
A user is free to authenticate using any method and see the list of all Workspaces associated with their email address:
When the user picks a Workspace, this happens:
If the authorization method is allowed in a particular Workspace, the user is able to continue.
Otherwise, they are redirected to the Workspace login page.
Two-factor authentication (2FA)
Fibery doesn't support 2FA natively yet, but if your organization uses Google Suite, Microsoft O365, or another identity provider there is a solution:
Disable all authentication methods apart from your identity provider (ex. Google).
When inviting users, use their work emails linked to the identity provider (ex. @company.com emails hosted by Google Suite).
Enforce 2FA on the identity provider's side.
This way users can't bypass the 2FA when signing into Fibery.