Authentication & access

User authentication with SSO

Single Sign-On (SSO) is a user authentication method that allows individuals to access multiple applications or services with a single login. Once signed in, users can move between connected systems without needing to re-enter their credentials. This is the main method used for authenticating across the coreai platform.

We use Keycloak to handle authentication on the platform. Among other things, Keycloak allows us to federate with most access management systems available on the market, and most likely the one you already use for your day-to-day work. This means that we can integrate the platform to work with your current organizational identity, so you'll be able to authenticate with your existing username and password in a secure way.

If your organization uses Entra ID, GCP IAM, another Keycloak instance, etc., to manage access, when logging in to the platform you'll be redirected to your identity provider's page for authentication, then back to the platform where you'll be granted access.

Benefits of SSO:

• Convenience: Users only need to log in once to access all authorized systems.
• Improved Security: Reduces the need to remember multiple passwords, lowering the risk of weak or reused credentials.
• Efficiency: Saves time by eliminating repeated logins throughout the day.
• Simplified User Experience: Provides a seamless transition between applications.

Example After logging in via Keycloak, you can access the Portal, Superset (data visualization), as well as all other company tools that use SSO, without needing to sign in again for each one. This streamlines your workflow and enhances productivity.

Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA) is a security feature that helps protect your account by requiring two steps to log in:

• Your password (something you know)
• A verification code (something you have), usually sent to your phone or generated by an app like Google/Microsoft Authenticator.

Even if someone knows your password, they cannot access your account without the second factor.

This feature is available on the coreAI platform if you have strong security requirements for your users.

Why Use 2FA?

2FA adds an extra layer of protection to your account which can me summarized into the following points :

• Stronger security: It makes it much harder for attackers to break into your account.
• Protection from stolen passwords: Even if your password is leaked or guessed, your account stays safe.
• Peace of mind: You know your personal data is better protected.

How It Works

You enter your username and password. You’re asked for a one-time code from your phone or authentication app. You enter the code and gain access.

Example When you log in with Keycloak, you’ll be prompted to set up 2FA. This usually involves scanning a QR code with an app like Google Authenticator or Authy, which will then generate your login codes. Every time you login you'll be asked for a temporary code generated by your authenticator app.