Turbine Login and Authentication Methods

swimlane turbine supports multiple login methods, depending on how authentication is managed within your organization the following sections provide an overview of each supported login method single sign on (sso) you can sign in to turbine using sso in two ways identity provider (idp) initiated or service provider (sp) initiated both methods use saml 2 0 for authentication through an external idp identity provider (idp) initiated sso login https //docs swimlane com/turbine login and authentication methods#identity provider idp initiated sso login login starts directly from the identity provider portal (for example, okta, jumpcloud, google workspace, and so on) the idp authenticates the user and redirects to turbine service provider (sp) initiated sso login /#service provider sp initiated sso login login starts from the turbine application (for example, https //us1 swimlane app https //us1 swimlane app ) provide an account alias which enables turbine to determine which idp to redirect the user to the idp authenticates the user and redirects to turbine ldap login /#ldap login authentication is handled by the external ldap directory (for example, microsoft active directory or openldap) credentials are validated against the directory, and access is granted upon successful authentication application managed login /#application managed login credentials are stored directly within turbine when a user logs in, turbine authenticates the users after an inactivity timeout or a manual logout, the user is redirected to the same page they were on before this behavior is user specific and ensures each user is logged back into their last visited page in the application identity provider (idp) initiated sso login idp initiated sso begins from your organization's identity provider portal (for example, okta, jumpcloud, or google workspace) after you select the turbine app, the idp authenticates your credentials and redirects you to turbine to sign in using idp initiated sso sign in to your organization's idp portal select the turbine application if multi factor authentication (mfa) is required, complete the verification(optional) turbine validates the response, and logs you in service provider (sp) initiated sso login sp initiated sso begins from the turbine login page enter your alias or email address , then turbine routes you to the correct idp for authentication steps to log in via sp initiated sso navigate to turbine (for example, https //us1 swimlane app https //us1 swimlane app ) select login via sso enter your alias or email address alias — routes login to the sso configuration with that alias email address — turbine looks up your account and uses your mapped sso configuration some accounts show alias only (alias only login mode) when redirected to your idp, sign in using your idp credentials if multi factor authentication (mfa) is required, complete the verification turbine validates the response and logs you in what is an account alias? an account alias is a short, unique string assigned to an sso configuration in turbine turbine uses it to identify which idp to use during sp initiated login when the user enters an alias instead of an email address why use an account alias? routing to the correct idp when multiple sso providers are configured simplified user experience — users enter the alias and turbine directs them to the correct login provider configure the alias (admin only) to configure an alias for saml based sso navigate to settings > account > account settings open the sessions & security tab expand authentication , turn enable on under saml authentication , and click saml settings enter the alias in the saml authentication dialog complete the remaining idp and service provider fields, click apply , then click save on account settings for the full procedure, see enable saml for sso docid\ irgxchuyjmsyplqdq3duh ldap login ldap login allows authentication using credentials stored in an external ldap directory , such as microsoft active directory or openldap turbine connects to the configured ldap server using the ldap protocol to validate credentials to sign in using ldap go to https //us1 swimlane app https //us1 swimlane app/ enter your ldap username or email address and password turbine connects to the ldap server to validate your credentials if multi factor authentication (mfa) is required, complete the verification (optional) turbine validates the response, and logs you in application managed login application managed login is handled entirely within turbine credentials are stored and verified by the application, without relying on an external identity provider to sign in as an application managed user go to https //us1 swimlane app https //us1 swimlane app/ enter your registered email address or username and password turbine validates your credentials if multi factor authentication (mfa) is required, complete the verification (optional) turbine validates the response, and logs you in resetting a forgotten password if you forget your password on the login screen, click forgot password? enter your registered email address check your inbox for the password reset email follow the link to create and confirm a new password return to the login screen and sign in with the new password