Once you invite Users into a Workspace, they can sign in using their preferred method:

  • Email and password (the password is set during the first sign in)

  • Google account

  • Microsoft account

  • SAML SSO provider account

Enabling and disabling authentication methods

If this variety is too much for your security standards, feel free to disable some of the methods:

  1. Navigate to Workspace Settings in the top left menu.

  2. Switch toggles on/off to configure allowed authentication methods.

When you limit the ways to sign in, the Workspace login page changes accordingly. Compare all default methods allowed vs. Google only:

Login page: all default methods vs. Google only

Signing in from the global login page

The Workspace settings don't affect the global login page though: it always sticks to the default methods and doesn't include SAML SSO.

A user is free to authenticate using any method and see the list of all Workspaces associated with their email address:

When the user picks a Workspace, this happens:

  • If the authorization method is allowed in a particular Workspace, the user is able to continue.

  • Otherwise, they are redirected to the Workspace login page.

Two-factor authentication (2FA)

Fibery doesn't support 2FA natively yet, but if your organization uses Google Suite, Microsoft O365, or another identity provider there is a solution:

  1. Disable all authentication methods apart from your identity provider (ex. Google).

  2. When inviting users, use their work emails linked to the identity provider (ex. @company.com emails hosted by Google Suite).

  3. Enforce 2FA on the identity provider's side.

This way users can't bypass the 2FA when signing into Fibery.

Did this answer your question?