With more organizations embracing SaaS platforms, the ability to control how your users authenticate to your CMS is critical.
As an administrator, you need to ensure only the right people have access, and you need to safeguard your users' accounts.
With Agility CMS, you can enforce rules which will dictate how your users can authenticate across all of your instances in your Organization.
Disallowing authentication providers and enforcing MFA are features that require a Pro or Enterprise plan. Enterprise SSO is only available to Enterprise plans.
At the time of writing, these features must be configured by contacting email@example.com. Soon, these will be available for you to manage directly in Agility CMS in the upcoming Security Center that you'll be able to find in your Organization settings.
We've compiled a few common examples of how to configure your authentication security settings.
"Tom wants to ONLY allow Email/Password combo logins because he can enforce MFA across all his users (regardless of email domain). He logs into the Organization Security Center and disables all other logins aside from Email/Password login and checks the box Enforce MFA."
This makes your Email/Password logins more secure. If an attacker obtains your password and tries to log in, they won't be authenticated unless they also pass multi-factor authentication.
"Matilda wants to ONLY allow Google logins because her organization trusts Google to authenticate their users. She logs into the Organization Security Center and disables all other logins aside from Google login."
Matilda has now made her instances more secure, as only users who authenticate through Google can access them.
"Larry wants to only allow access to his Agility CMS instance when users log in through their SSO provider. He is an Organization admin, so he logs into the Organization Security Center and disallows all other login types except for their SSO."
Larry is now assured that all users must authenticate through their SSO in order to get access to their instances. This is more secure, and his users do not have to manage another username and password. If Larry needs to remove a user, he can remove that user from their SSO provider and they will instantly be unable to access any Agility CMS instances within their organization.
In order to enable Enterprise Single Sign-On, you must be on an Enterprise plan and contact your customer success representative.