Turbine Login and Authentication Methods

swimlane turbine supports multiple login methods, depending on how authentication is managed within your organization the following sections provide an overview of each supported login method single sign on (sso) you can sign in to turbine using sso in two ways identity provider (idp) initiated or service provider (sp) initiated both methods use saml 2 0 for authentication through an external idp login starts directly from the identity provider portal (for example, okta, jumpcloud, google workspace, and so on) the idp authenticates the user and redirects to turbine docid 9gbsio2lxjlgwklt3nwpb login starts from the turbine application (for example, https //us1 swimlane app ) provide an account alias which enables turbine to determine which idp to redirect the user to the idp authenticates the user and redirects to turbine docid 9gbsio2lxjlgwklt3nwpb authentication is handled by the external ldap directory (for example, microsoft active directory or openldap) credentials are validated against the directory, and access is granted upon successful authentication docid 9gbsio2lxjlgwklt3nwpb credentials are stored directly within turbine when a user logs in, turbine authenticates the users after an inactivity timeout or a manual logout, the user is redirected to the same page they were on before this behavior is user specific and ensures each user is logged back into their last visited page in the application identity provider (idp) initiated sso login idp initiated sso begins from your organization's identity provider portal (for example, okta, jumpcloud, or google workspace) after you select the turbine app, the idp authenticates your credentials and redirects you to turbine to sign in using idp initiated sso sign in to your organization's idp portal select the turbine application if multi factor authentication (mfa) is required, complete the verification(optional) turbine validates the response, and logs you in service provider (sp) initiated sso login support for identifying an idp using an email address has been removed sp initiated sso begins from the turbine login page after you provide your account alias or email address, turbine determines the correct idp and redirects you for authentication steps to log in via sp initiated sso navigate to turbine for example, https //us1 swimlane app select login with sso enter your account alias this is your organization's unique identifier when redirected to your idp, sign in using your idp credentials if multi factor authentication (mfa) is required, complete the verification (optional) turbine validates the response, and logs you in what is an account alias? an account alias is a short, unique string that maps directly to an sso configuration in turbine turbine uses it to identify which idp to use during sp initiated login why use an account alias? routing to the correct idp simplified user experience instead of remembering and selecting the idp manually, users simply enter the account alias, and the system automatically directs them to the correct login provider configure the alias (admin only) to configure an alias for saml based sso navigate to settings > account > sessions & security > authentication click > to expand the authentication section under the saml authentication section, toggle the enable switch to activate saml authentication click saml settings to open the saml authentication configuration dialog in the alias field, enter your organization alias (swimlane com) complete the rest of the saml configuration, including the idp metadata and certificate click save once configured, this alias will be used on the login screen for sp initiated sso to identify the idp provider for more information on configuring sso, see docid\ cuq4tgqzqftm 8mrsx8lp ldap login ldap login allows authentication using credentials stored in an external ldap directory , such as microsoft active directory or openldap turbine connects to the configured ldap server using the ldap protocol to validate credentials to sign in using ldap go to https //us1 swimlane app/ enter your ldap username or email address and password turbine connects to the ldap server to validate your credentials if multi factor authentication (mfa) is required, complete the verification (optional) turbine validates the response, and logs you in application managed login application managed login is handled entirely within turbine credentials are stored and verified by the application, without relying on an external identity provider to sign in as an application managed user go to https //us1 swimlane app/ enter your registered email address or username and password turbine validates your credentials if multi factor authentication (mfa) is required, complete the verification (optional) turbine validates the response, and logs you in resetting a forgotten password if you forget your password on the login screen, click forgot password? enter your registered email address check your inbox for the password reset email follow the link to create and confirm a new password return to the login screen and sign in with the new password