SSO Support

Strise supports SSO authentication via Auth0. With SSO, users can securely log in to Strise using their organization's identity provider, eliminating the need for separate usernames and passwords.

Login Experience

1. Email-Based Redirection: Users entering their email address are automatically redirected to their organization’s login portal if their domain is configured for SSO.
2. Microsoft and Google Login: We also support login buttons for Microsoft and Google accounts for organizations using these providers. Auth0 connectors for Microsoft and Google use OIDC protocol under the hood.

Users from configured domains will see a login experience tailored to their SSO provider, without needing to enter a password on Strise’s login page.

SSO Login Flow

The following diagram illustrates the login process:

• Identifier First: Users start by entering their email address. Based on the email domain, Home Realm Discovery identifies the appropriate identity provider.
• Password: Users are prompted to either enter their password.
• Multi-Factor Authentication (MFA): If enabled, users will need to verify their identity with an additional authentication step.

This process ensures secure access tailored to the organization’s identity provider settings.

API Authentication

Our APIs utilize JWT (JSON Web Tokens) for secure authentication. These tokens are:

• Compact and self-contained.
• Used to verify user identity and permissions for API requests.

Tokens are issued upon successful authentication and must be included in API requests to access protected resources.

Directory Synchronization and Access Management

Strise does not support directory synchronization. This means: