This article is intended for license administrators. It describes the following best practice scenarios:

• Configuring automatic assignment of authentication methods
• Сonfiguring Active Directory authentication for company employees before assigning license seats to them
• Configuring authentication for projects that include both your company’s employees and external users

Configuring automatic assignment of authentication methods

You can configure automatic assignment of authentication methods to new license members. The following options are available:

• Associate email domains with an authentication method.

  When a license administrator adds users to a license from the "Users" page, users from email domains that are associated with any authentication methods are assigned the respective methods.

• Specify the default authentication method.

  When a license administrator adds users to a license from the "Users" page, users from email domains that are not associated with any authentication method are assigned this authentication method.

You can set both options when you add or edit an authentication method.

The main advantage of this method is additional security because each license member gets the correct authentication method no matter who adds them to the license. This also reduces the time required to register a license member.

See the example of applying these rules in Configuring authentication for projects that include both your company’s employees and external users.

Configuring Active Directory authentication for company employees before assigning license seats to them

To save time and effort on entering Active Directory authentication parameters for new license members, you can configure their authentication parameters in bulk before you add them to your license.

To configure Active Directory authentication parameters in bulk:

1. Prepare a spreadsheet that lists all of the employees and contains their usernames in the Active Directory domain.

   For the description of spreadsheet format and available columns, see Importing people to licenses from spreadsheets.

2. Import the employees from the spreadsheet to your license. When prompted to set their license role, select "Deactivated."

Since deactivated license members do not occupy license slots, it is okay to keep the entire list of company employees in your license. Every time an employee starts working on a project, you only have to activate their Revizto account without the need to review their authentication parameters.

Configuring authentication for projects that include both your company’s employees and external users

If your project includes both your company’s employees and external users, we recommend that you configure the following authentication methods:

• A single sign-on authentication method for your company’s employees.
• Revizto login for external users.

Using single sign-on authentication in all corporate resources, including Revizto projects, increases the security of Revizto accounts, as an administrator can revoke user access to all resources at once by closing a single account.

We recommend that you configure the following rules for automatic assignment of authentication methods:

• Add your company’s email domain to the list of associated domains for a single sign-on authentication method of your choice. All new license members from your company’s domain will be assigned this authentication method.
• Make "Revizto login" the default authentication method. All new license members that do not belong to your company’s domain will be assigned this authentication method.