Iterable provides three ways to authenticate members:
- Email and password with multi-factor authentication (MFA)
- Sign in with Google (formerly known as Google Sign-In)
- Single sign-on (SSO), using an identity provider (IdP) such as Okta
This article describes these options and how to set them up.
In this article
Authentication methods
You can choose any combination of these methods for members to access your organization.
Username and password
For new organizations, this is the default authentication method. Members can log in to Iterable with their email address and password, and are required to enroll in multi-factor authentication (MFA) when logging in for the first time.
Member eligibility
To log in with a username and password:
- Members must have a valid email address to serve as their username.
- Members must be added to at least one project in Iterable.
- Members must be able to enroll in and use MFA. This includes the following
requirements:
- Have a supported authentication factor available.
- Use a supported browser and operating system.
- Have JavaScript enabled.
- For more details about MFA enrollment requirements, read MFA Enrollment Requirements.
Password requirements
When setting a password:
- It must be at least 24 characters.
- It can include letters, numbers, and special characters.
Passwords are case-sensitive.
TIP
When setting your password, it should be a unique password that you don't use for other accounts, and should meet your organization's security requirements.
Make sure to store your password securely, and don't share it with others.
Multi-factor authentication (MFA)
Members must enroll in MFA when logging in for the first time. For instructions, read Enrolling in Multi-Factor Authentication (MFA).
For Iterable administrators, read Managing and Resetting Multi-Factor Authentication (MFA) for Iterable Members.
Google Sign-In (Sign in with Google)
When Google Sign In is an enabled authentication method, members may use Sign in with Google to access their Iterable accounts.
Sign in with Google is a convenient way to log in to Iterable, especially if your team members already use Google services.
Iterable administrators can manage member permissions and roles from within Iterable. When setting up Google Sign-In, you can choose to allow members to log in with Google only, or to use Google Sign-In in combination with other authentication methods.
Member eligibility
To use Sign in with Google:
- The member must have access to a Google account.
- The member must be added to at least one project in Iterable with their Google-based email address.
- They may use any email domain that works with Google.
To log in, members can click Continue with Google on Iterable's login screen.
Single sign-on (SSO) via SAML
Authenticate members with single sign-on (SSO), and optionally manage authorization in your identity provider (IdP) as well.
With this option:
- Members authenticate using single sign-on (SSO).
- If you'd like, you can manage authorization (Iterable roles and permissions) in your IdP.
SSO customization options
When setting up SSO, you'll need specify how your Iterable organization manages members and their roles, and how those members are allowed to log in to Iterable.
To manage Iterable members and their roles, you can either:
- Rely on your IdP as the source of truth for Iterable org permissions, roles, and project assignments (use SSO for both authentication and authorization).
- Allow Iterable administrators to manage org permissions, roles, and project assignments from within Iterable (use SSO for authentication only).
For member login, you can allow:
- SAML only—all users must sign in via SSO.
- SAML and other options—some users use SSO, some use username and password, and/or some use Google Sign-In.
To learn more about Iterable's SSO support, visit Single Sign-On (SSO) Overview.
Signing in with SSO
There are two ways to use an identity provider to sign in to Iterable:
- Open Iterable from your identity provider's app (IdP-initiated).
- Enter your email address on Iterable's sign-in screen and click Continue. This redirects you to your IdP for authentication, and then back to Iterable as a logged in member (SP-initiated).
IMPORTANT
As of March 28, 2023, IT administrators must change their SAML settings for continued login support. To read the full announcement, visit our release notes.
Setting authentication methods
To select an authentication scheme for your Iterable organization:
Log in to Iterable as a member that has the Manage Members org permission.
Go to Settings > Authentication.
In the Authentication Policy section, click Edit Policy.
-
Select at least one authentication method:
To use SSO for authentication, visit Setting up Single Sign-on (SSO) for instructions.
NOTE
Previously, when you selected SSO as an authentication method, you couldn't disable it later to use another method. This is no longer the case.
If you enable SSO and later need to turn it off, de-select the authentication method on this page and choose another.
Click Save.
Further reading
- Permissions for Using Iterable
- Creating and Updating Custom Roles
- SSO Overview
- Setting up Single Sign-On (SSO)
- SSO Tips for Common Providers (Azure AD, Google Workspace, Okta)
- Managing and Resetting Multi-Factor Authentication (MFA) for Iterable Members
- Enrolling in Multi-Factor Authentication (MFA)