Authentication is the process whereby users login to their digital workplace. Our platform offers three methods of authentication: Igloo Auth, SAML and LDAP Auth. LDAP and SSO authentication are only available to paid customers of Igloo. Please contact us if you would like to know more.
Features and functionality
Igloo authentication
Igloo Authentication is our native authentication system. It is typically used for new digital workplaces, small businesses, and those without large scale IT requirements. With Igloo Authentication, users log in with their email address and a password that is managed through Igloo systems. Igloo Authentication is used most often by organizations that do not have a member directory that they manage. It requires no IT involvement and gives members complete control over their login credentials.
Entering an incorrect password 5 times will place an account in a cool down state for 10 minutes. During this time the account cannot be used to login from any device, even if the correct credentials are provided. Use the Forgot Password option on the sign-in page to reset the password for the account and sign in immediately.
When creating an Igloo authentication password, it must conform to these rules:
- Contain between 10 and 50 characters
- Contain at least one uppercase character
- Contain at least one lowercase character
- Contain at least one digit
- Contain at least one special character (~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/)
- Does not match any of the last 5 passwords used for Igloo.
- Does not contain the account's username
- Does not contain Unicode characters
These rules do not apply when:
- Adding a user with bulk upload
SSO authentication
Single sign-on via SAML employs the SAML 2.0 standard to authenticate users against a third-party identity provider (IDP). With SSO Authentication, the IDP manages all credentials and authentication requests. Single sign-on via SAML is a broadly used web standard that allows you to use the same login session for multiple services. It is even possible to set it up so that no login is needed at all in your browsers. SSO Authentication is the ideal solution whenever you have the IT infrastructure to support it as it can allow you to log in to many unrelated services through one, centrally-managed system. Igloo refers to the IDP for confirmation of user credentials.
Any SSO IDP that use SAML 2.0 can be used for authentication. Common IDPs include:
- Microsoft ADFS
- Microsoft Azure
- Okta
- OneLogin
- Shibboleth
LDAP authentication
LDAP authentication allows users to authenticate against your corporate directory using the Lightweight Directory Access Protocol(LDAP). No user credentials need to be stored in the Igloo database using this system. LDAP Authentication is typically used when you have an active directory but are prevented from using an identity provider to facilitate SAML authentications. It can also be used when you have multiple member directories each with a different membership that needs to log in to your digital workplace.
Mixed Authentication
It is possible to use Igloo Authentication along with either LDAP or SSO authentication.
Delegation
Once a member signs in to a digital workplace using LDAP or SSO they become delegated by that authentication method and can no longer change their Igloo Authentication credentials themselves. If these members would like to change their Igloo Authentication password, they must contact their workplace administrator to trigger a password reset for Igloo Authentication.