
User Authentication Options

This overview details all the different ways a user can be authenticated upon login into the application. Multiple of these can be available at the same time, or the organization admin can block certain ways to enforce a specific way of authentication.

Password challenge

The regular username+password combination. The password hash is stored in Circularo, and as such it is not dependent on any 3rd party service.

Circularo requires a non-trivial password, with both lowercase and uppercase letters, numbers or a special symbol, with a length of at least 8 characters, to provide greater security.

For the same reason, password expiration can be set up and a lockout mechanism employed by default to protect against brute-force attacks.

Inactive user logout is set by default to 1 month of inactivity.

OAuth 2.0

Authentication is handled by a 3rd party provider, where users log into the provider with their existing credentials for that service. They never input their credentials into Circularo, which enhances security.

New accounts can be registered via OAuth as well.

Providers:

  • Microsoft (SharePoint)

  • LinkedIn

  • Dropbox

  • Google

  • UAE Pass (add-on; on MENA cloud on by default)

  • Nafath (add-on)

  • BankID (Czech only) (add-on)

On the login screen, the user selects the 3rd party provider they want to use and is taken to that provider’s login screen, where they input their credentials. The provider authenticates those credentials and returns the user to the Circularo application, logged in to their account. Any information needed is transferred from the provider.

UAE Pass, Nafath and BankID are national identity providers and have to be linked to an account, as the email a user registered with the provider may differ from the email saved in their Circularo profile. (Users can link the provider manually in preferences, during login, or while registering an account - whether they have that option is based on administration settings.)

Multi-factor authentication

This feature can be turned on in the user’s preferences at any point.

  • Mail - a One-Time Pin (OTP) will be sent to a provided email address, which will need to be input during login

  • SMS - An OTP will be sent to a provided phone number, which will need to be input during login (Available as an add-on)

  • 3rd party authentication software - through a QR code shown when choosing this option the application will be connected to the user’s account and will provide a one-time code to input during login.
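How the authenticator-app option typically works, as an added example that is not Circularo's code: it assumes the app uses standard TOTP (RFC 6238), which the page does not state. The issuer, the account name and the RFC test key are placeholders.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote, urlencode

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length shown by common authenticator apps


def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    """Build the otpauth:// URI that the enrolment QR code encodes."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    params = urlencode({"secret": b32, "issuer": issuer,
                        "algorithm": "SHA1", "digits": DIGITS, "period": STEP})
    return f"otpauth://totp/{quote(issuer + ':' + account)}?{params}"


def totp(secret: bytes, at: float, digits: int = DIGITS) -> str:
    """RFC 6238 code for the time step containing `at` (HMAC-SHA1)."""
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, at: float,
           drift_steps: int = 1, last_used_step: int = -1) -> int:
    """Return the matching time step, or -1 if no step in the window matches."""
    now_step = int(at) // STEP
    first = max(0, now_step - drift_steps)   # tolerate small clock drift
    for step in range(first, now_step + drift_steps + 1):
        if step <= last_used_step:
            continue                         # replay: this code was already used
        expected = totp(secret, step * STEP).encode()
        if hmac.compare_digest(expected, submitted.encode()):
            return step                      # caller stores this as last_used_step
    return -1


if __name__ == "__main__":
    demo_secret = b"12345678901234567890"    # RFC 6238 test key, not a real secret
    print(provisioning_uri(demo_secret, "user@example.com", "ExampleApp"))
    print(totp(demo_secret, time.time()))
```

The server keeps the shared secret and the last accepted step per user; a code is valid only inside the drift window and only once.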

Active Directory

AD is an identity and management solution created primarily for Windows-based environments. It stores information about users, computers and other resources in a network. AD is an on-premise solution, meaning it requires hardware to run on.

AD can be integrated with Circularo: during the initial import process, accounts are automatically created based on the data stored in the AD, and users then log into Circularo using the credentials of their existing AD account. The import process is one-time and there is no real-time synchronization between the AD and Circularo - the import script needs to be run each time. This also means that if an account is deleted in the AD, that user’s account in Circularo still exists, but they will not be able to access it. And because the synchronization is one-way, should a Circularo account be deleted, the AD account remains.
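Because the import is not synchronized, the two account lists drift apart between runs. The following added example (not part of Circularo or its import script) reconciles them; both CSV inputs are constructed, and matching accounts by email address is an assumption.

```python
import csv
import io

ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on a disabled AD account

# Constructed AD export; the column layout is an assumption of this example.
AD_EXPORT = """mail,sAMAccountName,userAccountControl
Alice@Example.com,alice,512
bob@example.com,bob,514
carol@example.com,carol,66048
"""

# Constructed list of application accounts left by an earlier import run.
APP_ACCOUNTS = """email
alice@example.com
bob@example.com
dave@example.com
"""


def load_directory(text):
    """Map normalised mail address -> True when the AD account is enabled."""
    enabled = {}
    for row in csv.DictReader(io.StringIO(text)):
        flags = int(row["userAccountControl"])
        enabled[row["mail"].strip().lower()] = not flags & ACCOUNTDISABLE
    return enabled


def reconcile(ad_text, app_text):
    """Classify drift between the directory and the imported accounts."""
    directory = load_directory(ad_text)
    app = {r["email"].strip().lower() for r in csv.DictReader(io.StringIO(app_text))}
    return {
        "missing_in_ad": sorted(app - directory.keys()),
        "disabled_in_ad": sorted(e for e in app & directory.keys() if not directory[e]),
        "not_yet_imported": sorted(e for e in directory.keys() - app if directory[e]),
    }


if __name__ == "__main__":
    for finding, emails in reconcile(AD_EXPORT, APP_ACCOUNTS).items():
        print(f"{finding}: {', '.join(emails) or '-'}")
```

Accounts reported as missing or disabled in the AD are candidates for review and removal on the application side; accounts not yet imported show that the import needs to be run again.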

Entra ID (formerly Azure Active Directory)

It is a solution very similar to its namesake Active Directory, with the difference that Entra ID is cloud-based and not on-premise. Therefore all hardware it needs to run is managed by Microsoft.

SAML

Security Assertion Markup Language is an open standard for exchanging information between a Service Provider (SP) and an Identity Provider (IdP).

Circularo integrates with an Identity Provider, and during login a user is taken to the IdP, where they input their credentials and the IdP authenticates them.

Through SAML, any active directory that supports it can be integrated. SAML then serves as a sort of bridge between the directory and Circularo. It extracts information stored in the directory and links it to an account. However, SAML only gains the username from the AD, and only after a user logs in.

The synchronization of user details is one-time, only during their first login. If any of the user’s details change after the first login, they cannot be synchronized again.

In Circularo, SAML is most often used to access the client’s Entra ID (formerly Microsoft Azure Active Directory).

LDAP

The Lightweight Directory Access Protocol is used to access an on-premise active directory. It can transfer more information about users and accounts than SAML, including things like passwords, roles and responsibilities, but it does not integrate with Entra ID or other cloud active directories. Unlike SAML, LDAP can synchronize all the information prior to the user logging in, thus everything is prepared in advance.

Unlike with SAML, user details can be synchronized again later.

To use an AD with Circularo, either SAML or LDAP is needed, as they create the connection - without them, no data can be transferred.
