The Authentication section allows you to configure how your users will log into your hub.
In the General section, you can enable login settings for your users.
- Force prompt login enforces a login prompt for all users. If users have set up their 2-step verification in their Devolutions Account, this will only prompt 2-step verification.
- Enforce 2-step verification on Devolutions Account enforces all users to set a multi-factor verification on their Devolutions Account.
- Enforce 2-step verification number matching enables 2FA number matching for all users of this hub.
The Enforce 2-step verification on Devolutions Account and Enforce 2-step verification number matching settings do not apply to users that log in with Single Sign-on (SSO).
It is also possible to set the Inactivity Logout Time to different values ranging from 5 minutes to 4 hours or to leave it Off.
Verify your domain for single sign-on. It is mandatory as it allows us to verify the ownership of the domain supplied.
In a separate window, log in to your domain host and find your DNS records. Create and save a new TXT record using the information provided below. Then, select Verify Domain.
You know that your domain has been successfully verified when its status changes from Pending to Verified, as seen below.
For the full domain verification and SSO setup instructions, visit Get started with SSO in Devolutions Hub.
Single Sign-On (SSO)
Once your domain is verified, you have access to the Single Sign-On (SSO) section to configure SSO for your Devolutions Hub users. Start by selecting the identity manager of your choice between Microsoft and Okta.
You then have to enter some information as seen below.
By default, SSO will be enabled once you complete its configuration. You can also Force SSO on all users.
If you enable Force SSO on all users, users will not have access to Devolutions Hub Business in case of misconfiguration or downtime of your SSO provider. We strongly recommend that you inform all existing users in your Devolutions Hub Business of this new authentication method prior to activating it.
After SSO is set up, users will then be able to log in to your hub using their Azure AD or Okta credentials in addition to being able to do so with their Devolutions Account credentials.
For the full SSO setup instructions, visit Get started with SSO in Devolutions Hub.
After having configured and saved your SSO settings, it is still possible to edit them or even delete them.
User and user group provisioning is currently only available with Microsoft Azure AD.
Synchronize and automate the provisioning and deprovisioning process of your Devolutions Hub users and groups by configuring your Identity Provider with your hub using the SCIM (System for Cross-domain Identity Management) specification under your idP (Identity Provider) configurations.
Single Sign-on must first be configured and enabled to set up the provisioning.
For the full provisioning setup instructions, visit Get started with SSO in Devolutions Hub.