Editing login methods¶
The host organization can manage which login methods the organization’s users will be able to choose in Feide’s login window. This allows the organization to select and set up external login methods such as Microsoft work or school account. The advantage of this is that the organization does not have to manage several authentication solutions with different user accounts.
The logins available in Feide’s login window for the organization are controlled by the Feide administrator in Feide’s customer portal. This is done by editing the login methods on the organization tab.
It may take up to 10 minutes before the login options are available in the organization Feide’s login window.
Feide directory authentication (Pilot)¶
Disabling Feide directory authentication removes Feide’s username and password fields from Feide’s login window. This means that users cannot log in with their regular account in the Feide directory but must always example login with their Microsoft work or school account, so they don’t need to log in again on services like Office 365 that have Microsoft’s login solution. This may be helpful to disabling Feide directory authentication if the organization has delegated all user authentication to external systems.
Deactivation of Feide directory authentication is still under testing, so contact Sikt at firstname.lastname@example.org if you want to remove Feide’s username and password field from the login window. Feide’s functionality for strong authentication using SMS and authenticator client is still available if activated and configured.
Be sure to select and test at least one external login provider beforehand for both employees and students.
External login provider¶
The organization can control which login methods the organization’s end users will be able to choose on Feide’s login window. This makes it possible to authenticate with external login providers such as Azure AD, where the user logs in with their Microsoft work or school account or logs in with ID-porten where the user can log in with, for example, Bank ID or MinID.
By delegating authentication to an external login provider, the user still has a complete Feide login with all information related to the user’s Feide account. Note that this requires the user to have a Feide account at the organization. If there are users who do not have or do not qualify for a Feide account, they cannot log in with an external login provider. The service can enable an alternative login method in Feide for those users. If the service configures this is available before the user selects affiliation on Feide’s login window, this is because they don’t belong to an organization.
Carefully read what is required for the external login provider before enabling it in Feide. Only enable login providers that the organization’s users can use; otherwise, users will have problems logging in to services.
Following external login provider, you can enable for your organization:
Feide doesn’t have access to the errors in external login provider authentication. So, if a user has a problem with login in with an external login provider, only the IT department at the organization can help interpret the errors. This is because Feide only has access to login history before and after authentication with the external login provider is used. The problem may be something that Feide can predict example, by rules or set up in the external login provider. Example accused by the user using a network abroad or deactivating an account after a certain number of times a password has been entered incorrectly.