PlatformAccount ManagementAuthentication

Sign-on methods

You can set up how users on your HUMAN account can sign in to the platform from your Authentication settings. You can enable one or more authentication methods for your HUMAN account. When you enable more than one method, you can choose which one each user will use when they sign in. Be sure you assign the appropriate authentication method when you invite a user.

You can learn how to set up authentication in this article.

Prerequisites

  • Appropriate role permissions to manage authentication methods. You can view these roles from Platform settings > Permissions and selecting Platform. By default, this means you need to be at least one of the following roles:
    • Application owner
    • IT / Devops
    • Admin
  • If you’re configuring Single Sign-On (SSO), you need appropriate permissions to configure SSO from that provider.

Configure email and password (including with Google)

The email and password authentication method lets users sign in with their email and password or via their Google account. You can also enable email authentication, which sends the user a code to their email as another layer of security (MFA).

Passwords must have at least 12 characters and must include uppercase and lowercase letters as well as a number.

  1. Navigate to Platform Settings > Authentication.
  2. Toggle Email & Password (including with Google) to ON.
  3. If you want to add multifactor (MFA) authentication, toggle Email Authentication to ON.
  4. Click Save changes.

Email and password authentication are now enabled for your HUMAN account.

Configure single sign-on (SSO)

HUMAN supports SSO with SAML or OIDC.

If you would like to add single logout (SLO) or request our public key certificate for an extra level of security, you can contact us directly.

If you enable group provisioning, you cannot invite, manage, or delete users from within HUMAN. All user and group management is through your organization’s SSO provider.

SAML configuration

1

Identify provider (IdP) configuration

As an administrator of your IdP, create a new application with these values:

Follow this guide for Okta integrations.

  • Single sign-on URL: https://console.perimeterx.com/login
  • Audience URI (SP Entity ID): https://perimeterx.com
  • Name ID format: Email address only
  • Configure the following attributes:
Application AttributeDescription
NameID (SAML_SUBJECT)User’s email address
firstNameUser’s first name
lastNameUser’s last name
2

HUMAN console configuration

  1. Navigate to Platform Settings > Authentication.
  2. In the Single Sign-On (SSO) section, click Add integration, then select SAML integration.
  3. Complete the following fields:
    • Integration name: The name for the SSO integration and how it will appear in your HUMAN platform while inviting users. This field only appears if you add more than one SAML configuration.
    • SAML endpoint: The login URL endpoint where the SAML assertion is sent.
    • Issuer: The identity provider (IdP) unique identifier value.
    • X.509 Certificate: A certificate provided by the IdP.
    • Passwordless authentication: If you want to disable the requested authentication context, toggle on the checkbox.
    • Entity ID: The entity ID defaults to HUMAN (SP Entity ID). This field only appears if you add more than one SAML configuration. To change it, click the lock and enter your custom ID.
  4. If you want to add another integration, click Add integration and repeat Step 3.
  5. Click Save changes.

Your SAML SSO authentication is now configured.

OpenID Connect (OIDC) configuration

1

Identify provider (IdP) configuration

As an administrator of your IdP, create a new OIDC application with the following:

  • Sign-in redirect URIs: https://console.perimeterx.com/login
2

HUMAN console configuration

  1. Navigate to Platform Settings > Authentication.
  2. In the Single Sign-On (SSO) section, click Add integration, then select OpenID Connect integration.
  3. Complete the following fields:
    • Integration name: The name for the SSO integration and how it will appear in your HUMAN platform. This field only appears if you add more than one OIDC configuration.
    • SSO provider type: Select OpenID Connect from the dropdown menu.
    • Issuer: The identity provider (IdP) unique identifier value.
    • Client ID: The ID for your OIDC client
    • Client secret: The secret for your OIDC client
  4. If you want to add another integration, click Add integration and repeat Step 3.
  5. Click Save changes.

Your OIDC SSO authentication is now configured.