Authentication rules
Learn how to determine whether users should login using Digibee credentials or via IdP
By default, if you use an integrated access model, users can access the Digibee Integration Platform either using Digibee credentials or via an IdP. However, you can manage access rules to enforce IdP access for all users or only for specific users using the Authentication rules page.
Authentication rules page
On the Administration page, click on Identity Provider and then on the tab Authentication rules.

On the Authentication rules page, you will see a table that shows the number of active (non-archived) Digibee accesses and IdP accesses, as well as the authentication rule for each e-mail domain used to access the realm you manage. You can also manage accesses to a new domain by clicking on the Create button.
There are three possible authentication rules for each domain:
IdP only
Users of this domain can only log in to the Digibee Integration Platform via IdP. Logins with Digibee credentials are blocked for all users of this domain.
Digibee/IdP
Users of this domain can log into the Digibee Integration Platform either by using their Digibee credentials or via IdP.
Custom
For each user of this domain who has previously logged into the realm, you can choose whether or not they can log in to the Digibee Integration Platform using their credentials. In other words, you can choose whether their individual authentication rule is IdP only or Digibee/IdP. By default, if this option is activated, new users of this domain are assigned to the IdP only authentication rule and won’t be able to log in using Digibee credentials.
You can click on the pencil icon to edit the authentication rule for an e-mail domain. If you select custom, you will be able to edit the authentication rule of each user who has previously logged in with that e-mail domain.
When you finish setting up the rules, click on Activate Rules to activate them. You can alter these rules at any time.
When a user with Digibee/Idp authentication rule logs in via IdP, they are removed from all non-integrated Digibee groups to which they were assigned. Consequently, they lose the permissions granted by those groups.
Was this helpful?
