Configuring authentication methods for your organization

Edit online

Configure one or more authentication methods for your AoC users, including IBMid, Google OAuth, and one or more SAML providers. Once configured, you can apply one or more of these methods to users and groups in your organization.

Once you configure one or more of these authentication methods, you can assign one of them to each user in your organization, either during new user creation or by modifying an existing user record. You can also allow individual users to log in using any configured auth provider for which they have credentials; in this scenario, the user can log in at one time using one configured auth provider, and another time using a different configured auth provider. For details, see Create and manage users.

The authentication methods you configure for your organization appear as buttons on your organization login page. For each auth method, you can configure the label on the button to help guide your users to the login method you intend for them; go to Admin > Authentication > your_identity_provider.

The following table provides an overview of different authentication types supported in Aspera on Cloud:

Authentication Type	Description
IBMid	IBMid is enabled by default for all Aspera on Cloud organizations; no configuration is required. IBMid is the ID-as-a-Service (IDaaS) from IBM. It is available for anyone using IBM cloud and many IBM cloud services, including Aspera on Cloud. You can enable multifactor authentication for users who log in with IBMid. You can also enable a special access option for specific admins to avoid being locked out of Aspera on Cloud when you disable IBMid. For details and procedures, see the articles under IBMid.
SAML	You can enable one or more SAML IdPs for your organization. To allow your users to log in through multiple SAML providers, set the Authentication method to Any. For details and procedures, see the articles under SAML.
Google OAuth	You can enable authentication by Google, which allows users to access Aspera on Cloud based on authentication into Google. In this scenario, the user in essence logs in to Google using a dialog presented by Aspera on Cloud; Google then passes that authentication to Aspera on Cloud, and Aspera on Cloud accepts that authentication to allow Aspera on Cloud access. Such authentication populates user accounts in Aspera on Cloud based on Google-verified identity. For details and a procedure, see Configuring Google authentication.

Authentication Type

Description

IBMid

IBMid is enabled by default for all Aspera on Cloud organizations; no configuration is required. IBMid is the ID-as-a-Service (IDaaS) from IBM. It is available for anyone using IBM cloud and many IBM cloud services, including Aspera on Cloud.

You can enable multifactor authentication for users who log in with IBMid. You can also enable a special access option for specific admins to avoid being locked out of Aspera on Cloud when you disable IBMid.

For details and procedures, see the articles under IBMid.

SAML

You can enable one or more SAML IdPs for your organization. To allow your users to log in through multiple SAML providers, set the Authentication method to Any.

For details and procedures, see the articles under SAML.

Google OAuth

You can enable authentication by Google, which allows users to access Aspera on Cloud based on authentication into Google. In this scenario, the user in essence logs in to Google using a dialog presented by Aspera on Cloud; Google then passes that authentication to Aspera on Cloud, and Aspera on Cloud accepts that authentication to allow Aspera on Cloud access. Such authentication populates user accounts in Aspera on Cloud based on Google-verified identity.

For details and a procedure, see Configuring Google authentication.