Overview
In Element451, you have the ability to choose which authentication methods you want to allow for your internal and external users.
You can configure these settings by clicking on your profile picture in the top right corner and then navigating to Settings > Manage Users > Security.
Video Overview
Internal Authentication Settings
Use this section to specify the method(s) through which your internal users (staff and faculty) can access your Element451 dashboard.
Password
If you choose to enable the Element451 login (email and password), you also have the ability to enable multi-factor authentication (MFA).
To enable MFA, toggle on the Use MFA setting.
SSO
Google
Api Key
External Authentication Settings
Use this section to specify the method(s) through which your external users (students).
Password
If you choose to enable the Element451 login (email and password), you also have the ability to enable multi-factor authentication (MFA).
To enable MFA, toggle on the Use MFA setting.
SSO
Google
Configuring SSO
To use your school's SAML2 SSO provider for either internal users (staff) or external users (students/contacts), you'll need to add your metadata to the SSO Authentication Settings:
Navigate to Settings > Manage Users > Security > SSO Authentication
You will need to configure and provide metadata separately for each use (internal/external):
β
When setting up the SAML2 NameID
attribute, ensure it is mapped to the emailAddress
value. For successful SSO login, the email address must match a user account in Element451.
Session Duration
To ensure security, Element451 sessions are time-bound and require re-authentication on a regular basis.
Element451 Username/Password: 24 hours
SAML Single Sign-on: 24 hours
Google: 30 Days
Via Element451 Magic Links: 48 Hours
However, we do not limit the number of concurrent sessions.
Your API Keys
An API key serves as an authentication token, functioning as a secure access pass for API calls. It establishes authorization, allowing access to your integrations.
When you create an API key, it is associated with your account and will be listed here under Your API Keys.
To ensure better security and organization, we recommend creating a new internal user (e.g., Integrations) to generate the API key. This way, if there's a change in employees or someone else needs access, the API key won't be tied to a specific user's account, making transitions smoother.
Even if Password authentication is disabled, API keys can still authenticate API calls.
Disabling Username/Password Method + Using API
If you've built your own API integration prior to Dec 2023, disabling password login to enforce SSO will break your integration. Be sure to create an API key for authenticating your API calls.
β
API integrations managed by Element451 are not affected if you turn off password login options.
Multi-Factor Authentication (MFA)
MFA can be enabled if you are using the Element451 authentication method (Password). If enabled, a code will be emailed to the user.