Skip to main content
All CollectionsSettings + PermissionsSecurity
Security + Authentication Settings
Security + Authentication Settings

Learn how to configure your internal and external user authentication methods.

Michael Stephenson avatar
Written by Michael Stephenson
Updated over 2 weeks ago

Effective 1/29/25: Disabling MFA will no longer be an option for internal authentication using the Element451-provided login (email + password). This change does not affect external users (students) logging in.

Overview

In Element451, you can configure authentication methods for internal users (staff and faculty) and external users (students) to ensure secure access to your platform.

These settings can be customized by navigating to Settings > Manage Users > Security in the admin dashboard.

Internal Authentication Settings

This section allows you to specify how internal users (staff and faculty) log into Element451.

Password (Element451-Provided Login)

  • The Password option is the Element451-provided login method, allowing users to log in with an email address and password. You can learn more about adding users here.

  • When the Element451 password is enabled for internal users, Multi-Factor Authentication (MFA) is required.

    • Users will receive a one-time code via email. This code must be entered into the on-screen modal to complete the login process.

Single Sign-On (SSO)

  • SSO allows users to access Element451 through your institution’s SSO provider. While Element451 does not control MFA for SSO logins, we strongly recommend confirming with your SSO provider that MFA is enabled for added security.

Explore More: Configuring SSO →

Google

  • Google Workspace login lets users authenticate through their Google accounts.

  • As with SSO, MFA for Google is managed outside of Element451, and we recommend verifying MFA is enabled for Google Workspace accounts.

API Key

  • An API key is an authentication token that functions as a secure access pass for API calls. It establishes authorization, allowing access to your integrations. More information on API keys can be found below.

External Authentication Settings

This section allows you to specify how external users (students) log into Element451.

Password (Element451-Provided Login)

  • The Password option is the Element451-provided login method. External users create their account credentials (email and password) when they register for an account using the application site’s registration form.

  • Unlike with internal users, Multi-Factor Authentication (MFA) is optional for external users logging in with the Element451 password method.

    • If enabled, external users will follow the same MFA process as internal users, receiving a one-time code via email to verify their login.

Single Sign-On (SSO)

  • External users can log in through your institution’s SSO provider. We recommend confirming with your provider that MFA is enabled for external accounts.

Explore More: Configuring SSO →

Google

  • Google Workspace accounts can also be used for external logins.

  • As with SSO, enabling MFA through Google is strongly advised to ensure secure access.

Your API Keys

An API key is an authentication token that functions as a secure access pass for API calls. It establishes authorization, allowing access to your integrations.

  • When you create an API key, it is associated with your account and will be listed here under Your API Keys.

  • To ensure better security and organization, we recommend creating a new internal user (e.g., Integrations) to generate the API key. This way, if there's a change in employees or someone else needs access, the API key won't be tied to a specific user's account, making transitions smoother.

  • Even if Password authentication is disabled, API keys can still authenticate API calls.

Disabling Username/Password Method + Using API

  • If you've built your API integration before Dec 2023, disabling password login to enforce SSO will break your integration. Be sure to create an API key for authenticating your API calls.

  • API integrations managed by Element451 are not affected if you turn off password login options.

Multi-Factor Authentication (MFA)

MFA is a security measure that is part of the Element451 email/password authentication. MFA adds an extra layer of protection to the login process by requiring users to verify their identity using a one-time code.

How MFA Works

  • If the Element451 password authentication method is enabled, MFA is required for internal users and optional for external users.

  • After successfully entering their email and password, the user will receive a one-time code via email. The code is valid for 10 minutes.

  • The user must enter this code into the on-screen modal to complete the login process.

Benefits of MFA

  • Provides enhanced security by protecting against unauthorized access.

  • Reduces the risk of compromised passwords by requiring a second form of verification.

Best Practices for SSO and Google Users

  • Confirm with your SSO provider or Google Workspace administrator that MFA is enabled.

  • Regularly review and update your login security settings to ensure compliance with institutional policies.

Session Duration

To ensure security, Element451 sessions are time-bound and require re-authentication regularly. However, we do not limit the number of concurrent sessions.

  • Element451 Username/Password: 24 hours

  • SAML Single Sign-on: 24 hours

  • Google: 30 Days

  • Via Element451 Magic Links: 48 Hours

Related Articles
Adding + Managing Internal Users
Enhanced Login Security | December 2023
MFA Requirement Change | January 2025
Configuring + Managing Single-Sign-On (SSO)
📌 Settings + Permissions: Frequently Asked Questions
Did this answer your question?