Overview
In Element451, you can configure authentication methods for internal users (staff and faculty) and external users (students) to ensure secure access to your platform. These settings can be customized by navigating to Settings > Manage Users > Security in the admin dashboard.
Video Overview
Video Overview
Internal Authentication Settings
Effective 1/29/25: Disabling MFA will no longer be an option for internal authentication using the Element451-provided login (email + password). This change does not affect external users (students) logging in.
This section allows you to specify how internal users (staff and faculty) log into Element451.
Password (Element451-Provided Login)
The Password option is the Element451-provided login method, allowing users to log in with an email address and password.
When this method is enabled for internal users, Multi-Factor Authentication (MFA) is required to further secure access.
With MFA, users logging in with their email and password will receive a one-time code via email. This code must be entered into the on-screen modal to complete the login process.
Single Sign-On (SSO)
SSO allows users to access Element451 through your institution’s SSO provider.
While Element451 does not control MFA for SSO logins, we strongly recommend confirming with your SSO provider that MFA is enabled for added security.
Google
Google Workspace login lets users authenticate through their Google accounts.
As with SSO, MFA for Google is managed outside of Element451, and we recommend verifying MFA is enabled for Google Workspace accounts.
API Key
External Authentication Settings
This section determines how external users (students) log into Element451.
Password (Element451-Provided Login)
The Password option is the Element451-provided login method. External users create their account credentials (email and password) when they register for an account using the application site’s registration form.
Unlike internal users, MFA remains optional for external users logging in with this method. If enabled, external users will follow the same MFA process as internal users, receiving a one-time code via email to verify their login.
Single Sign-On (SSO)
External users can log in through your institution’s SSO provider.
We recommend confirming with your provider that MFA is enabled for external accounts.
Google
Google Workspace accounts can also be used for external logins.
As with SSO, enabling MFA through Google is strongly advised to ensure secure access.
Multi-Factor Authentication (MFA)
MFA is a security measure that adds an extra layer of protection to the login process by requiring users to verify their identity using a one-time code.
How MFA Works
After entering their email and password, users will receive a one-time code via email.
Users must enter this code into the on-screen modal to complete the login process.
Benefits of MFA
Provides enhanced security by protecting against unauthorized access.
Reduces the risk of compromised passwords by requiring a second form of verification.
Best Practices for SSO and Google Users
Confirm with your SSO provider or Google Workspace administrator that MFA is enabled.
Regularly review and update your login security settings to ensure compliance with institutional policies.
Configuring SSO
To use your school's SAML2 SSO provider for either internal users (staff) or external users (students/contacts), you'll need to add your metadata to the SSO Authentication Settings:
Navigate to Settings > Manage Users > Security > SSO Authentication
You will need to configure and provide metadata separately for each use (internal/external).
If your SSO platform requires a Service Provider URL before generating metadata, please contact Element451 Live Support, and we will be happy to provide a URL to you.
When setting up the SAML2
NameIDattribute, ensure it is mapped to theemailAddressvalue. For successful SSO login, the email address must match a user account in Element451.
Session Duration
To ensure security, Element451 sessions are time-bound and require re-authentication regularly. However, we do not limit the number of concurrent sessions.
Element451 Username/Password: 24 hours
SAML Single Sign-on: 24 hours
Google: 30 Days
Via Element451 Magic Links: 48 Hours
Your API Keys
An API key is an authentication token that functions as a secure access pass for API calls. It establishes authorization, allowing access to your integrations.
When you create an API key, it is associated with your account and will be listed here under Your API Keys.
To ensure better security and organization, we recommend creating a new internal user (e.g., Integrations) to generate the API key. This way, if there's a change in employees or someone else needs access, the API key won't be tied to a specific user's account, making transitions smoother.
Even if Password authentication is disabled, API keys can still authenticate API calls.
Disabling Username/Password Method + Using API
If you've built your API integration before Dec 2023, disabling password login to enforce SSO will break your integration. Be sure to create an API key for authenticating your API calls.
API integrations managed by Element451 are not affected if you turn off password login options.
Renewing Your SSO Certificate
If your SSO signing certificate is set to expire, you’ll need to update the certificate to maintain uninterrupted authentication. Element451 does not actively monitor your metadata for updates, so it’s important to follow these steps when your certificate is renewed:
Work with your SSO provider to regenerate your SSO signing certificate. Once this is done, the updated certificate will be reflected in your metadata URL/file.
Replace your metadata in Element451 SSO Authentication settings.
Navigate to Settings > Manage Users > Security.
Locate the SSO Authentication Settings and replace the current metadata with your updated metadata URL or file.