Skip to main content
<   Back to Blog Articles

Hide Authentication Options from Xurrent Users

Carlyn Manly

Personal SecurityMost organizations have activated single sign-on (SSO) in their Xurrent accounts.  They rely on their identity provider (such as Azure AD, Okta or OneLogin) to ensure that people are authenticated before they can access Xurrent.  Two small usability improvements have been introduced to make sure that people from such organizations do not see any unnecessary information in the ‘Access & Security’ section when they access their profile in Xurrent:

  1. When the SSO configuration of a Xurrent account dictates that its users should not be asked to enter a Xurrent two-factor authentication code, users no longer see the option to activate 2-Factor Authentication.
  2. When users are not allowed to bypass single sign-on, they have no need for a Xurrent password.  So when the option ‘Allow users to bypass this Single Sign-On…’ has been left unchecked in the SSO configuration of an organization’s Xurrent account, its users no longer see the option to change their Xurrent password.

Single sign-on configuration options

When the first option is checked and the second is unchecked, the entire ‘Signing in to Xurrent’ segment is now hidden for all specialists.  With those settings, end users are also no longer confronted with this section when they access ‘My Profile’ in Xurrent Self Service or the Xurrent App.

Access and Security section in Xurrent

This can avoid some confusion, because many people understandably did not see why they would have the option to set a Xurrent password or activate multi-factor authentication in Xurrent when their access is controlled by their organization’s identity provider.

Note, however, that the owner of a Xurrent account will always sees the change password and 2FA options.  That’s because the account owner must always be able to bypass single sign-on.  Otherwise organizations would not be able to recover when their single sign-on integration stops working.  And because an account owner’s access can be used to do serious damage to the setup of a Xurrent account, the access of an account owner should always be secured with multi-factor authentication.

Stay up to date on the latest posts

Sign Up Now!