- Ably FAQs
- Account and app setup and configuration
- Accounts and apps
-
Account billing and packages
-
General
-
Realtime API and client libraries
-
Troubleshooting
-
Channels
-
REST API and client libraries
-
Ably error codes
-
Account and app setup and configuration
-
Ably architecture, transports, and security
-
Performance and Redundancy
-
Push Notifications
-
Reactor Queues, Events and Firehose
-
Migrating to Ably from an existing service
-
Connections
How can I force all account users to authenticate with SSO?
A setting called Strict Mode allows accounts to restrict access to only those members that are currently authenticated with the account's IdP (e.g. Okta). Members authenticated with other providers (e.g. email/password or Google/GitHub/Twitter) will be forced to re-authenticate with their IdP when accessing the account.
This allows companies to have full control over access to their Ably accounts. If a user is removed from the IdP, he will no longer be able to access the account once his current session expires.
To enable Strict Mode:
- Navigate to the Home → Account Settings page.
- Toggle Enable Strict Mode? (note: this setting only appears if SSO is activated)
If an email associated with an account with strict mode enabled tries to login local i.e via Ably username and password there will be an error in the browser Not found. Authentication passthru.
Note: Account owners can access account resources regardless of their current authentication method.