New and existing Replicated users now have the ability to sign in to their Replicated.com vendor portal accounts using Google Authentication. This method of primary authentication is available to all accounts as an alternative to email/password-based authentication and SAML authentication (Enterprise accounts only).
This new capability streamlines the user sign in flow and makes it easier for team administrators to control the authentication methods that their users leverage.
Migrating Existing Accounts
Excluding some accounts that restrict users to only use SAML or require MFA, existing users should be able to seamlessly sign into an account that exactly matches their Google Workspace (formerly GSuite) email address (see caveats below on "+" accounts). Migrated accounts will maintain the same RBAC permissions that were previously assigned. Once signed in with Google, users can choose to disable username/password-based auth on their account or maintain both authentication methods via account settings.
Admin Functionality & Controls
Team administrators will find some additional functionality in the team settings including the ability to enable, disable or require Google Authentication on the account. (By default, existing accounts that don’t require SAML or MFA will have Google Auth enabled, but not required.) Restricting to Google Auth will require new users to sign up with a Google account that exactly matches the email address that was invited to the team (this can be a gmail.com address or user from another domain, it simply needs to match the invited email address exactly).
One of the core features this enables is that if the user's Google Account is suspended or deleted, Replicated will log that user out of all Google authenticated vendor portal sessions within 10 minutes. The user will remain in the team list, but they will no longer be able to log into the vendor portal (unless Username/Password is also allowed).
Caveats and Notes
Google Auth is not entirely compatible with our Multi-Factor Authentication (MFA) implementation, as Google Auth will bypass account-based MFA (relying instead on your Google Auth MFA), but will continue to be enforced on all email/password-based authentication.
Google Auth will only match direct existing user accounts, so for users who have signed up using “task-based email addresses” (i.e. name+replicated@domain.com), please continue to use email/password to sign in, invite your normal email address to your team, or contact support to change your email address.
We hope that this new sign in method will streamline your account access and make it easier to bring new members into your team. Sign in or create an account to try this out!