Authentication

The Authentication section allows you to configure how your users will log into your Hub .

General

In the General section, you can enable login settings for your users.

Administration – Authentication – General
Administration – Authentication – General

  • Force prompt login enforces a login prompt for all users. If users have set up their 2-step verification in their Devolutions Account , this will only prompt 2-step verification.
  • Enforce 2-step verification on Devolutions Account enforces all users to set a multi-factor verification on their Devolutions Account .

The Enforce 2-step verification on Devolutions Account setting does not apply to users that log in with Single Sign-on (SSO).

It is also possible to set the Inactivity Logout Time to different values ranging from 5 minutes to 4 hours or to leave it Off .

Single Sign-On (SSO)

In the Single Sign-On (SSO) section, you can Configure Single Sign-On (SSO) for your Hub users. They will then be able to log in to your Hub using their Azure AD credentials in addition to being able to do so with their Devolutions Account credentials.

Administration – Authentication – Single Sign-On (SSO)
Administration – Authentication – Single Sign-On (SSO)

When setting up SSO, you will have to fill in some fields in the Configure Single Sign-On (SSO) page. Consult our Get Started With SSO in Hub Business topic for more information.

Configure Single Sign-On (SSO)
Configure Single Sign-On (SSO)

After having configured and saved your SSO settings, it is still possible to edit them or even delete them.

By default, SSO will be enabled once you complete the configuration. You can also Force SSO on all users .

If you enable Force SSO on all users , users will not have access to Hub Business in case of misconfiguration or downtime of your SSO provider. We strongly recommend that you inform all existing users in your Hub Business of this new authentication method prior to activating it.

Configured Single Sign-On (SSO)
Configured Single Sign-On (SSO)

Provisioning

Synchronize and automate the provisioning and deprovisioning process of your Hub 's users and groups by configuring your Identity Provider (Azure Active Directory) with your Hub using the SCIM (System for Cross-domain Identity Management) specification under your idP (Identity Provider) configurations.

Single Sign-on must first be configured and enabled to set up the provisioning.

Administration – Authentication – Provisioning
Administration – Authentication – Provisioning

After having enabled SSO, you can generate a SCIM Token . You can always delete that token and regenerate a new one.

Generate SCIM Token
Generate SCIM Token

You will then get access to the Tenant URL in addition to the token to configure the provisioning in Azure .

Tenant URL and SCIM Token
Tenant URL and SCIM Token

When everything has been configured, you can Enable the synchronization of your Hub 's users and groups with the ones in Azure AD.

Enable the synchronization
Enable the synchronization