With more organizations embracing SaaS platforms, the ability to control how your users authenticate to your CMS is critical.
As an administrator, you need to ensure only the right people have access and you need safe guard your user's accounts.
With Agility CMS, you can enforce rules which will dictate how your users can authenticate across all of your instances in your Organization.
- Secure by default - Agility allows you to login via email-verified social accounts and email/password logins with complex password requirements
- Enhanced security with Multi-factor Authentication - You can disable social logins and force users to use Email/Password login with built-in Multi-factor Authentication (MFA)
- Flexible - You can enable/disable any type of login and force users to login only with your selected authentication provider (i.e. GitHub, Google, Microsoft, Email/Password logins, or Enterprise Single Sign On)
- Enterprise ready - Take control over user provisioning and authentication by connecting an Enterprise Single Sign-On provider with Agility CMS
Disallowing authentication providers and enforcing MFA are features that require a Pro or Enterprise plan. Enterprise SSO is only available to Enterprise plans.
At the time of writing, these features must be configured by contacting firstname.lastname@example.org. Soon, these will be available for you to manage directly in Agility CMS in the upcoming Security Center that you'll be able to find in your Organization settings.
We've comprised a few common examples of how to configure your authentication security settings.
Force All Users to Authenticate using MFA
”Tom wants to ONLY allow Email/Password combo logins because he can enforce MFA across all his users (regardless of email domain). He logs into the Organization Security Center and disables all other logins aside from Email/Password login and checks the box Enforce MFA."
This makes your Email/Password logins more secure. If an attacker was able to get your password and logs in, they won't be authenticated unless they also pass the Multi-factor authentication.
Force All Users to Authenticate using a specific Social Login
"Matilda wants to ONLY allow Google logins because her organization trusts Google to authenticate their users. She logs into the Organization Security Center and disables all other logins aside from Google login."
Matilda has now made her instances more secure as only users authenticate through Google can access them.
Force all Users to Authenticate via their own Enterprise Single Sign-On
”Larry wants to only allow access to his Agility CMS instance when users login through their SSO provider. He is an Organization admin, so he logs into the Organization Security Center and disallows all other login types except for their SSO.”
Larry is now assured that all users must authenticate through their SSO in order to get access to their instances. This is more secure, and his users do not have to manage another username and password. If Larry needs to remove a user, he can remove that user from their SSO provider and they will instantly be unable to access any Agility CMS instances within their organization.
In order to enable Enterprise Single Sign-On, you must be on an Enterprise plan and contact your customer success representative.