Admin login providers
Strivacity supports using external identity providers (IdP) for administrator authentication into the Admin Console. This allows administrators to sign in using enterprise or social credentials managed in an external IdP. However, external login support for admin registration (creating new admin accounts) is limited to invitation-based flows.
Admin login provider configuration
Login support
You can configure enterprise or social identity providers to enable external login for Admin Console access. This allows administrators to log in using external credentials without needing a local password.
Supported identity provider types:
- Enterprise providers using SAML or OIDC
- Social login providers (for example, Google)
Strivacity supports inviting new admins who can complete registration using an external identity provider (IdP).
We recommend keeping at least one local admin account as a fallback, so you don’t lose access to the Admin Console if your external login provider becomes unavailable.
Registration support
The Admin Console does not support self-service registration via external login providers. New admin accounts can only be created through either invitations or account linking.
There are two supported registration paths:
- Invitation flow: An existing administrator sends an invitation to the new admin's email address. If an external login provider is configured and enabled, the invited admin can complete the invitation flow by signing in with their external account.
- Account linking flow: An existing admin can link their external account after signing in with their local account. Once linked, they can use the external login for future sign-ins.
External login can be used to complete admin invitations, making it easier for organizations to onboard new admins securely using their existing identity systems.
The email address specified in the admin invitation must match the email claim returned by the external identity provider. If the values differ, registration will fail with the error:
"Registration with email that differs from invite email is not allowed."
Configuration
You can configure external login providers for Admin Console access under Instance configuration > Admin login providers in the Admin Console.
To enable external login for administrators:
- Sign in with a local admin account that has the Admin Console admin role.
- Navigate to Instance configuration > Admin login providers.
- Select Create and choose a provider from the available list (for example, Google, Azure AD, GitHub).
- Configure the selected provider using its required settings. Refer to the integration guides of each login provider linked below for further steps.
- Save the configuration and ensure the login provider is enabled.
The Admin Console domain must be allowlisted in your external identity provider's configuration to allow redirection after login (for example,
https://brand.strivacity.com).
Once an external provider is configured:
- Any admin account (including one with only external login) can sign in to the Admin Console using the external login button.
- To add new admins, an existing administrator must send an invitation. The invited user receives a registration link and is prompted to fill in the required account details.
- On the final screen, the invited user selects the external login provider button to complete the process. They're redirected to authenticate with the provider, then granted access to the Admin Console.
You can configure multiple external login providers and manage them independently.
The following external providers are supported for the Admin Console:
Social login providers
OpenID login providers
- OpenID
- HYPR
- Okta
- Azure Active Directory
SAML login provider
- SAML
You can also configure an OpenID Connect or SAML2 provider of your choice.
Updated about 1 month ago