Authentication Configuration

25 minute read. Last updated: January 2025

Huddle supports multiple authentication methods to provide secure and convenient access for your team. This guide covers configuring authentication providers, managing security settings, and implementing best practices for user authentication.

Important: Always keep at least one authentication method enabled to prevent lockout. We recommend having at least two methods available for redundancy.

Authentication Methods

Huddle supports multiple authentication providers to meet your organization's security requirements:

Google Sign-In

Enabled by default
  • OAuth 2.0 integration
  • Automatic email verification
  • Profile picture sync
  • Google Workspace support
Microsoft Sign-In

Configuration required
  • Azure AD (now Microsoft Entra ID) integration
  • Office 365 compatibility
  • Group synchronization
  • Enterprise SSO
Email/Password

Enabled by default
  • Traditional authentication
  • Custom password policies
  • Email verification
  • Password reset
Single Sign-On (SSO)

Enterprise only
  • SAML 2.0 support
  • Custom identity providers
  • Automated provisioning
  • Attribute mapping

Configuring Authentication Providers

Enable/Disable Providers

  1. Navigate to Account Settings > Authentication
  2. Toggle providers on/off as needed
  3. Configure provider-specific settings
  4. Save changes

Google Sign-In Configuration

Google Sign-In is enabled by default and works without further setup. The optional settings below control which Google accounts are allowed to sign in:

Advanced Google Settings

  • Domain Restrictions - Limit sign-ins to specific Google Workspace domains
  • Email Pattern Matching - Require emails to match patterns (e.g., *@yourcompany.com)
  • Auto-provisioning - Automatically create user accounts on first login

Microsoft Sign-In Configuration

Setting up Microsoft Sign-In requires an app registration in Azure AD (Microsoft Entra ID):

  1. In Azure Portal:
    • Register a new application
    • Configure redirect URIs
    • Generate client credentials
  2. In Huddle:
    • Enter Tenant ID
    • Add Client ID
    • Configure permissions
    • Test connection
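The domain and email-pattern restrictions above (Google) and the tenant binding above (Microsoft) only work if they are enforced on the right claims of the provider's ID token. The following is an added example, not Huddle's code, of the claim-level checks a relying party applies after the token signature has been verified against the provider's JWKS (signature verification is assumed to have already happened, for instance with PyJWT or authlib). The client ID, tenant ID and the sample tokens are constructed; the claim names are the standard OIDC ones plus Google's `hd` and Microsoft's `tid`/`oid`.

```python
"""Claim checks for a Google or Microsoft ID token AFTER signature verification
(added example; assumes the JWT signature was already validated against the
provider's JWKS)."""
import fnmatch
import time

GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}
CLOCK_SKEW = 60  # seconds of tolerance on 'exp'


def microsoft_issuer(tenant_id):
    # v2.0 issuer for a single-tenant Entra ID (Azure AD) app registration
    return f"https://login.microsoftonline.com/{tenant_id}/v2.0"


def email_domain(email):
    # Split on the LAST '@' so a local part like "ceo@yourcompany.com" cannot spoof the domain
    local, sep, domain = email.rpartition("@")
    return domain.lower() if sep and local and domain else ""


def validate_id_token_claims(claims, *, provider, client_id, allowed_domains=(),
                             email_patterns=(), tenant_id=None, now=None):
    """Return (principal, reason). principal is None when the token is rejected.

    principal is the stable identity key to store: Google 'sub', or
    Microsoft '<tid>:<oid>'. Accounts are never keyed on the email address."""
    now = time.time() if now is None else now

    # 1. Issuer: the token must come from the provider that was configured.
    if provider == "google":
        if claims.get("iss") not in GOOGLE_ISSUERS:
            return None, "unexpected issuer"
    elif provider == "microsoft":
        if not tenant_id or claims.get("iss") != microsoft_issuer(tenant_id):
            return None, "unexpected issuer"
        if claims.get("tid") != tenant_id:   # binds the token to OUR tenant
            return None, "tenant mismatch"
    else:
        return None, "unknown provider"

    # 2. Audience: 'aud' may be a string or a list; our client_id must be in it.
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        return None, "audience mismatch"

    # 3. Lifetime.
    if claims.get("exp", 0) + CLOCK_SKEW < now:
        return None, "token expired"

    # 4. Email trustworthiness. Google asserts email_verified; Microsoft does not
    #    emit that claim by default, so its 'email' is treated as informational.
    email = str(claims.get("email") or "").lower()
    domain = email_domain(email)
    if provider == "google" and claims.get("email_verified") is not True:
        return None, "email not verified"
    if not domain:
        return None, "missing or malformed email"

    # 5. Domain restriction. For Google, 'hd' is the Workspace domain and is the
    #    authoritative claim; a consumer Gmail account carries no 'hd' at all,
    #    so matching on the email suffix alone is not enough.
    if allowed_domains:
        allowed = {d.lower() for d in allowed_domains}
        if provider == "google" and str(claims.get("hd") or "").lower() not in allowed:
            return None, "not a member of an allowed Workspace domain"
        if domain not in allowed:
            return None, "email domain not allowed"

    # 6. Email pattern matching (e.g. "*@yourcompany.com"), case-insensitive.
    if email_patterns and not any(fnmatch.fnmatchcase(email, p.lower()) for p in email_patterns):
        return None, "email does not match an allowed pattern"

    if provider == "google":
        return (claims.get("sub") or None), ("ok" if claims.get("sub") else "missing sub")
    if not claims.get("oid"):
        return None, "missing oid"
    return f"{tenant_id}:{claims['oid']}", "ok"


if __name__ == "__main__":
    # Constructed sample: a Google Workspace user that passes every check
    now = 1_700_000_000
    token = {"iss": "https://accounts.google.com", "aud": "huddle-client", "exp": now + 300,
             "email": "Alice@YourCompany.com", "email_verified": True, "hd": "yourcompany.com", "sub": "1001"}
    print(validate_id_token_claims(token, provider="google", client_id="huddle-client",
                                   allowed_domains=["yourcompany.com"], now=now))
```

The order matters: issuer and audience are checked before anything derived from the email, because a valid token from the wrong app or tenant must never reach the domain logic. A token with a consumer Gmail address that merely looks like a company address (no `hd` claim) is rejected even though the email pattern would match.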

Password Configuration

For Email/Password authentication, configure password requirements:

  • Minimum length (default: 8 characters, recommended: 12+)
  • Complexity requirements (uppercase, lowercase, numbers, special characters)
  • Password history to prevent reuse
  • Expiration policies if required

Multi-Factor Authentication (MFA)

Enhance security by requiring a second form of authentication:

Enabling MFA

  1. Go to Security > Multi-Factor Authentication
  2. Choose enforcement level:
    • Optional (users choose)
    • Required for admins
    • Required for all users
  3. Select allowed methods
  4. Set grace period for enrollment
MFA Method          Examples                                              Recommended
TOTP Apps           Google Authenticator, Microsoft Authenticator, Authy  Recommended
SMS Verification    Phone number verification                             Not Recommended
Backup Codes        One-time use recovery codes                           Recommended

SMS is not recommended because one-time codes sent over the phone network can be intercepted by SIM-swap and number-porting attacks; if you must offer it, treat it as a fallback rather than the primary factor.
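To show what the TOTP and backup-code rows amount to on the verifying side, here is an added example (not Huddle's implementation) using only the Python standard library: RFC 6238 TOTP generation and verification with a drift window and replay protection, the otpauth enrollment URI that authenticator apps scan, and one-time backup codes stored only as hashes. The issuer name, the account and the secret are constructed; the test vectors are the RFC 4226/6238 ones.

```python
"""RFC 6238 TOTP verification and hashed one-time backup codes
(added example using only the standard library)."""
import base64
import hashlib
import hmac
import secrets
import struct
import time
from urllib.parse import quote


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp(secret, at=None, step=30, digits=6):
    at = time.time() if at is None else at
    return hotp(secret, int(at // step), digits)


def verify_totp(secret, code, *, at=None, step=30, digits=6, window=1, last_counter=None):
    """Return the matched counter, or None if the code is rejected.

    Accepts +/-`window` time steps of clock drift, and refuses any counter at or
    below `last_counter` so a sniffed code cannot be replayed inside its window.
    The caller must persist the returned counter as the new `last_counter`."""
    if len(code) != digits or not code.isdigit():
        return None
    at = time.time() if at is None else at
    counter = int(at // step)
    for c in range(counter - window, counter + window + 1):
        if last_counter is not None and c <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, c, digits), code):   # constant-time compare
            return c
    return None


def provisioning_uri(secret, account, issuer="Huddle"):
    """Key URI that Google Authenticator, Microsoft Authenticator and Authy import via QR code."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?secret={b32}&issuer={quote(issuer)}&algorithm=SHA1&digits=6&period=30"


def new_backup_codes(n=10):
    """Return (plaintext codes to show the user once, hashes to store).
    Each code carries 80 random bits, so a plain SHA-256 (no slow KDF) is adequate."""
    codes = [secrets.token_hex(10) for _ in range(n)]
    return codes, [hashlib.sha256(c.encode()).hexdigest() for c in codes]


def redeem_backup_code(code, stored_hashes):
    """Consume a backup code: True and the hash is removed (one-time use), else False."""
    digest = hashlib.sha256(code.strip().lower().encode()).hexdigest()
    for h in list(stored_hashes):
        if hmac.compare_digest(h, digest):
            stored_hashes.remove(h)
            return True
    return False


if __name__ == "__main__":
    secret = secrets.token_bytes(20)                      # constructed enrollment secret
    print(provisioning_uri(secret, "alice@yourcompany.com"))
    print("current code:", totp(secret))
```

The `last_counter` argument is the part most home-grown verifiers miss: without it a code that was phished or shoulder-surfed remains valid for the whole drift window, which defeats the "one-time" property.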

Authentication Policies

Session Management

Configure how long users stay logged in:

  • Default session length: 30 days
  • Idle timeout: Optional, can be set from 15 minutes to 24 hours
  • Maximum session duration: Absolute limit regardless of activity
  • Remember me options: Allow extended sessions for trusted devices
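The idle timeout and the maximum session duration are independent limits and a session is valid only while both hold; "remember me" should stretch the idle limit, not the absolute one. The following added example (not Huddle's code) shows that check; the concrete numbers in the sample policy are an assumption chosen to match the defaults listed above.

```python
"""Idle timeout versus absolute lifetime for a login session (added example)."""
from dataclasses import dataclass


@dataclass
class SessionPolicy:
    idle_timeout: int        # seconds allowed since the last request
    max_duration: int        # seconds allowed since login, regardless of activity
    remember_me_idle: int    # idle limit when the user chose "remember me" on a trusted device


@dataclass
class Session:
    created_at: float
    last_seen: float
    remember_me: bool = False


def session_state(s, policy, now):
    """Return 'active', 'idle_expired' or 'absolute_expired'."""
    if now - s.created_at >= policy.max_duration:
        return "absolute_expired"          # checked first: no activity can extend it
    idle = policy.remember_me_idle if s.remember_me else policy.idle_timeout
    if now - s.last_seen >= idle:
        return "idle_expired"
    return "active"


def touch(s, policy, now):
    """Call on every authenticated request; False means the session must be dropped."""
    if session_state(s, policy, now) != "active":
        return False
    s.last_seen = now
    return True


# Constructed policy (assumption): 30-day absolute cap, 1-hour idle limit,
# 14-day idle limit for remember-me sessions.
POLICY = SessionPolicy(idle_timeout=3600, max_duration=30 * 86400, remember_me_idle=14 * 86400)
```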

Access Restrictions

Implement additional security controls:

Pro Tip: Use IP allowlisting for sensitive accounts and require VPN access for remote workers. Combine with MFA for defense in depth.

Available Restrictions

  • IP Allowlisting - Restrict access to specific IP addresses or ranges
  • Time-based Access - Limit login to business hours
  • Geographic Restrictions - Block or allow specific countries
  • Device Trust - Register and require trusted devices
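IP allowlisting is only as good as the address it is evaluated against: behind a load balancer the real client address arrives in `X-Forwarded-For`, and a client can prepend arbitrary values to that header. The following added example (not Huddle's code) resolves the client address by walking the header from the proxy side, then applies an allowlist and a business-hours rule. The allowlist ranges, the trusted proxy range and the time zone are constructed.

```python
"""IP allowlisting and time-based access checks (added example)."""
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample policy: an office range, one bastion host, a v6 prefix.
ALLOWLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32", "2001:db8::/32")]
# Reverse proxies / load balancers WE operate; only they may append to X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _in(ip, networks):
    return any(ip in n for n in networks)


def client_ip(remote_addr, forwarded_for, trusted=TRUSTED_PROXIES):
    """Resolve the real client address, or None if it cannot be trusted.

    The chain is X-Forwarded-For hops followed by the TCP peer. Walk it from the
    right: skip every hop that is one of our proxies; the first untrusted hop is
    the client. Anything further left was written by the client and is ignored.
    If the TCP peer itself is not a trusted proxy, the header is ignored entirely."""
    chain = [h.strip() for h in (forwarded_for or "").split(",") if h.strip()]
    chain.append(remote_addr)
    for hop in reversed(chain):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            return None                 # garbage in the header: fail closed
        if not _in(ip, trusted):
            return ip
    return None                         # every hop was one of our own proxies


def ip_allowed(ip, allowlist=ALLOWLIST):
    return ip is not None and _in(ip, allowlist)


def within_business_hours(now, tz, start_hour=8, end_hour=18, weekdays=range(5)):
    """Time-based access evaluated in the organisation's own time zone."""
    local = now.astimezone(tz)
    return local.weekday() in weekdays and start_hour <= local.hour < end_hour


def login_permitted(remote_addr, forwarded_for, now, tz):
    ip = client_ip(remote_addr, forwarded_for)
    return ip_allowed(ip) and within_business_hours(now, tz)


if __name__ == "__main__":
    office_tz = timezone(timedelta(hours=2))   # constructed: UTC+2 office
    print(login_permitted("10.0.0.2", "203.0.113.5, 10.0.0.9", datetime.now(timezone.utc), office_tz))
```

Note that a request that reaches the application directly (peer not in `TRUSTED_PROXIES`) is judged on the peer address alone, so the allowlist cannot be bypassed by supplying a friendly-looking header.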

Single Sign-On (Enterprise)

For enterprise customers, SAML-based SSO provides centralized authentication:

SAML Configuration

  1. Identity Provider Setup
    • Entity ID configuration
    • SSO URL endpoint
    • X.509 certificate upload
    • Metadata exchange
  2. Service Provider Settings
    • Assertion Consumer Service URL
    • Service Provider Entity ID
    • Attribute mapping
    • Signature validation
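Signature validation is the first check, but not the only one: a correctly signed assertion can still be addressed to a different service provider, be replayed, or be past its validity window. The following added example (not Huddle's code) shows the Service Provider-side checks that follow signature verification: issuer, validity window with clock skew, audience restriction against the SP entity ID, bearer subject confirmation against the ACS URL and the outstanding request ID, and attribute mapping. Signature verification itself needs an XML-DSig library such as xmlsec or python3-saml and is assumed to have already passed. The entity IDs, ACS URL, request ID and the sample assertion are constructed.

```python
"""Checks a SAML 2.0 Service Provider applies to an assertion AFTER its XML
signature has been verified (added example). In production parse untrusted XML
with defusedxml rather than the standard ElementTree."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SKEW = timedelta(minutes=3)    # tolerated clock difference between IdP and SP


def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_assertion(xml_text, *, idp_entity_id, sp_entity_id, acs_url, request_id, now):
    """Return (attributes, None) on success or (None, reason) on failure."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['saml']}}}Assertion":
        return None, "not an Assertion"
    # Issuer must be the IdP whose metadata/certificate we configured.
    if (root.findtext("saml:Issuer", namespaces=NS) or "").strip() != idp_entity_id:
        return None, "issuer mismatch"
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return None, "missing Conditions"
    # Validity window with a small skew allowance.
    if "NotBefore" in cond.attrib and now + SKEW < _ts(cond.attrib["NotBefore"]):
        return None, "assertion not yet valid"
    if "NotOnOrAfter" in cond.attrib and now - SKEW >= _ts(cond.attrib["NotOnOrAfter"]):
        return None, "assertion expired"
    # AudienceRestriction: without this check an assertion the IdP issued for a
    # different SP (same IdP, same signing key) would be accepted here.
    audiences = [a.text.strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if sp_entity_id not in audiences:
        return None, "audience mismatch"
    # Bearer confirmation: Recipient must be OUR ACS URL and InResponseTo the
    # AuthnRequest we actually sent (blocks unsolicited and replayed assertions).
    scd = root.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None:
        return None, "missing SubjectConfirmationData"
    if scd.get("Recipient") != acs_url:
        return None, "recipient mismatch"
    if scd.get("InResponseTo") != request_id:
        return None, "InResponseTo mismatch (unsolicited or replayed)"
    if "NotOnOrAfter" in scd.attrib and now - SKEW >= _ts(scd.attrib["NotOnOrAfter"]):
        return None, "subject confirmation expired"
    # Attribute mapping: IdP attribute names become the fields the application keys on.
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS) if v.text]
        attrs[attr.get("Name")] = values[0] if len(values) == 1 else values
    attrs["NameID"] = (root.findtext("saml:Subject/saml:NameID", namespaces=NS) or "").strip()
    return attrs, None


# Constructed sample assertion (signature element omitted; it is assumed verified).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2025-01-15T10:00:00Z">
  <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@yourcompany.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData InResponseTo="_req42"
          Recipient="https://yourteam.huddle.example/saml/acs" NotOnOrAfter="2025-01-15T10:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2025-01-15T09:59:00Z" NotOnOrAfter="2025-01-15T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://yourteam.huddle.example/saml/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>alice@yourcompany.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>admins</saml:AttributeValue><saml:AttributeValue>staff</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
```

When the "Verify SAML configuration matches IdP" troubleshooting step applies, these are exactly the values that have to agree on both sides: the IdP entity ID, the SP entity ID carried in `Audience`, and the ACS URL carried in `Recipient`.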

Supported SSO Providers

Okta

OneLogin

Ping Identity

Custom SAML

Security Best Practices

Provider Configuration

  1. Limit Authentication Methods - Only enable needed providers
  2. Enforce Strong Authentication - Require MFA for administrators
  3. Monitor Authentication Events - Review failed login attempts regularly

Recommended Password Settings

  • Minimum 12 characters
  • Require complexity
  • Prevent common passwords (check against a breach-derived deny list)
  • Regular expiration (90 days)
  • No password reuse (last 12)

Note that current NIST guidance (SP 800-63B) advises against forced periodic expiration and composition rules when a breached-password check and MFA are in place; keep a 90-day expiration only where a compliance regime requires it, and force a change immediately whenever compromise is suspected.
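The password requirements in Password Configuration above and the recommended settings here come down to one policy check at password-set time. The following added example (not Huddle's code) implements it: minimum length, a configurable number of character classes, a common-password deny list, and reuse prevention by comparing against salted scrypt hashes of the previous passwords. The deny list is a constructed stub; a real deployment loads a breach-derived list.

```python
"""Password policy enforcement for the Email/Password provider (added example)."""
import hashlib
import hmac
import os
import re

# Constructed stub; in production load a breach-derived list (e.g. the HIBP corpus).
COMMON_PASSWORDS = {"password", "password123", "welcome1", "qwerty123456", "letmein1234"}

SALT_LEN = 16
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def hash_password(password, salt=None):
    """Stored form is salt || scrypt(password); N=2^14, r=8, p=1 (16 MiB), 32-byte key."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)
    return salt + key


def verify_password(password, stored):
    salt, key = stored[:SALT_LEN], stored[SALT_LEN:]
    return hmac.compare_digest(hash_password(password, salt)[SALT_LEN:], key)


class PasswordPolicy:
    def __init__(self, min_length=12, min_classes=3, history=12, common=COMMON_PASSWORDS):
        self.min_length = min_length
        self.min_classes = min_classes    # how many of lower/upper/digit/symbol are required
        self.history = history            # previous hashes a new password may not match
        self.common = common

    def violations(self, candidate, previous_hashes=()):
        """Return the list of reasons the candidate is rejected; empty means accepted."""
        problems = []
        if len(candidate) < self.min_length:
            problems.append(f"shorter than {self.min_length} characters")
        if sum(bool(re.search(p, candidate)) for p in CLASSES) < self.min_classes:
            problems.append(f"fewer than {self.min_classes} character classes")
        # Normalise so "Password123!" and "password123" hit the same deny-list entry.
        stripped = re.sub(r"[^a-z0-9]", "", candidate.lower())
        if candidate.lower() in self.common or stripped in self.common:
            problems.append("common password")
        # History check: only the most recent `history` hashes are consulted.
        if any(verify_password(candidate, h) for h in list(previous_hashes)[-self.history:]):
            problems.append(f"matches one of the last {self.history} passwords")
        return problems


if __name__ == "__main__":
    policy = PasswordPolicy()
    history = [hash_password("Correct-Horse-Battery-9")]      # constructed previous password
    print(policy.violations("Correct-Horse-Battery-9", history))
    print(policy.violations("Tr0ub4dor&3x-Staple!", history))
```

The history check necessarily re-hashes the candidate once per stored entry, which is why the history depth is capped; a per-user salt shared across entries would make it cheaper but also lets an attacker who steals the table test one guess against all entries at once, so each entry keeps its own salt.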

Best Practice: Implement a phased rollout when changing authentication settings. Enable new methods before disabling old ones, and communicate changes well in advance.

Troubleshooting Common Issues

Cannot Login

  • Verify correct subdomain is being used
  • Check if authentication provider is enabled
  • Confirm user account exists and is active
  • Review IP restrictions and access policies

Google Sign-In Failures

  • Clear browser cache and cookies
  • Check popup blockers
  • Verify domain restrictions
  • Confirm Google account is active

SSO Problems

  • Verify SAML configuration matches IdP
  • Check certificate expiration
  • Review attribute mapping
  • Enable debug logging for detailed errors, and turn it off again once resolved: raw SAML responses contain user attributes and should not sit in long-term logs

Next Steps

After configuring authentication, enhance your security posture with these features: