After a user is provisioned the end-user can begin using the Syncplicity service by logging into one of the Syncplicity client applications and activating their account. Please refer to provisioning users for more details on the provisioning process.
As an administrator for your company account, you have a choice for allowing your users to login using their email address and passwords or enabling Single-Sign-On with your company’s Active Directory/LDAP system. This article will highlight the authentication process with both methods.
Authenticating using email address and password
By default your company account is configured to require email address and password. In this case, your company users can login to any of the Syncplicity clients using their email address and password. In order to login to the Syncplicity web application, users can login from https://my.syncplicity.com/
During login, if the user types in an incorrect email address or password, they will receive an error message with this information. If the user has forgotten their password, the user also has the ability to request for a new password from the login screen.
Authenticating using Single-Sign-On with Active Directory/LDAP
Active Directory and LDAP single sign-on (SSO) with Syncplicity allows companies of any size to leverage their existing corporate directories and authentication systems to authorize employee access to Syncplicity. Business Edition or an Enterprise Edition account is required in order to turn on Single-Sign-On with Syncplicity.
Instead of setting up yet another username and password for each employee in Syncplicity, IT administrators are now able to configure Syncplicity to delegate authentication to their own systems. This process is also referred to as federated authentication because Syncplicity and your company’s servers work together, in federation, to process authentication requests. When AD/LDAP SSO is enabled within a Syncplicity account, users no longer enter their Syncplicity username and password to access Syncplicity on the desktop, the web, and mobile devices. Instead, they leverage their existing corporate credentials to log in and, in many cases, do so in a completely transparent way with absolutely no forms to fill out. Furthermore, because authentication is delegated to secure, authorized servers outside of Syncplicity’s control, Syncplicity servers are never privy to the corporate passwords used in any way – authentication credentials remain squarely in the control of the corporate system. This presents several key benefits to any AD/LDAP-enabled organization:
- One less password for users to remember and IT to manage
- Simplified user provisioning and management within Syncplicity
- Support for custom authentication schemes, such as two-factor authentication
- Improved security through a centralized credential store and a single authentication endpoint
- Transparent login on AD/LDAP-joined devices (via Windows Integrated Authentication)
See Configuring Single-Sign-On for setting up your company account to use SSO.