To allow tenant administrators to log into the Beyond Identity Console, you must configure an identity provider. Currently, Beyond Identity supports SAML and OIDC-based identity providers. The Admin Console provides two options to configure identity providers.
|Allows access to the Admin Console directly from the Beyond Identity Authenticator. This option allows organizations who do not have SSO or prefer not to connect the Admin Console to their SSO.
|Allows access to the Admin Console through SSO. Note: We recommend you use Single Sign-On login if your organization has one.
Your tenant can be configured to support up to two active identity provider types at a time, but at least one must always be active.
Administrators attempting to access the Admin Console will have the option to choose the Identity Provider type to use to authenticate to the Admin Console.
Note: Although the Passwordless Login option is visible in versions earlier than 2.53.0, it is disabled. The Tenant administrator can enable the button from the Admin Console. To check your version, open your passkey and click/tap the About this passkey, and scroll down to locate the App Version number.
Setting the Identity Type
To set the appropriate Identity Provider type for your organization.
Log into the Admin Console and select Settings:
From the Settings page, select Console Login.
Do one of the following:
To restrict your organization from logging into the Admin Console via Single Sign-On, disable the Console Passwordless Login option.
To allow access from the Authenticator, enable the option.
Note: We recommend always using Single Sign-On login if your organization has one.
If the disabled option is grayed out and cannot be enabled, the Admin Console does not have the RBAC feature enabled. To enable RBAC, contact Beyond Identity support.