About email sign-in accounts and SSO

Email sign-in accounts provide an alternative authentication method for accessing the Venafi Control Plane, particularly when Single Sign-On (SSO) is unavailable. This feature ensures that administrators and authorized users can maintain secure access under all circumstances.

Accounts that have email sign-in enabled can also sign in using SSO, assuming SSO is enabled and configured on your Control Plane account.

IMPORTANT

The primary purpose for allowing email sign-in is for situations in which your SSO goes offline—either intentionally or due to an outage of your SSO service—and an alternate authentication method is required.

To tighten security, email sign-in to TLS Protect Cloud should be reserved for authorized administrators and used only when SSO isn't available.

Features and benefits

  • Backup authentication: Email sign-in accounts serve as a fallback authentication method when SSO is offline, whether due to scheduled maintenance or unexpected outages.
  • Administrator access: This method is primarily intended for authorized administrators who require continuous access to the Venafi Control Plane.
  • Enhanced security: By enabling email sign-in, administrators can ensure secure access without relying solely on SSO, improving resilience against potential authentication disruptions.
  • Flexible user management: Administrators can enable or disable email sign-in for specific users based on role-based access needs.

About password reset functionality

To further enhance security, Venafi Control Plane enforces periodic password resets for email sign-in accounts:

  • Admin-initiated resets: Administrators can require users to reset their passwords at any time, providing additional security controls when necessary.
  • Annual password expiration: Users with email sign-in accounts are required to reset their passwords on a regular cadence to maintain account security.
  • Automatic redirection: When a password expires, users are automatically redirected to the password reset page for a seamless update process.

Requirements and compatibility

  • Prerequisites: A Venafi Control Plane administrator must enable the email sign-in option for user accounts.
  • Compatibility: Email sign-in accounts work with all local user accounts and integrate seamlessly with existing security protocols.

Next steps

Administrators can perform any of the following next steps: