Authentication
Articles in Authentication
Account Permissions
ChangeBreeze's role-based permission system provides: Flexibility: Six distinct roles to match your organizational structure Security: Separation of duties and principle of least privilege ITIL Compliance: Roles aligned with ITIL change management best practices Scalability: Works for small teams and large MSPs alike Auditability: Complete logging of all permission-based actions
Enforcing Multi-Factor Authentication for All Users
Enforcing MFA protects your organization by adding a layer of security beyond passwords. Admins can enable it in ChangeBreeze’s Organization settings. SAML-authenticated users may already have MFA via their identity provider and can be excluded from additional enforcement.
How to enable MFA for local accounts
Steps to Enable Multi-Factor Authentication (MFA) for Enhanced Account Security
How to setup SAML authentication with Microsoft Entra
This guide walks you through setting up SAML Single Sign-On (SSO) for ChangeBreeze with Entra ID, allowing users to log in automatically using their company credentials. By integrating with your existing identity provider (such as Entra ID), ChangeBreeze can provide a secure and seamless login experience without the need for separate passwords. Once complete, users can access ChangeBreeze instantly through their organization’s sign-in portal, improving both security and convenience.
Managing Global User Permissions for Organizational Accounts
In a multitenant system with organizational user accounts, permissions are global and apply to all sub-companies within the organization. Any permissions set at the organizational level automatically cascade to the sub-companies. User accounts can have roles set during their creation, with the option to edit these roles later from the User Management page. Editing a user's role will update their role across all companies within the organization, override any custom role settings at the company level, and take effect immediately.
Managing Global User Permissions for Sub Company / Tenant Accounts
In a multitenant system, sub-company accounts can have user accounts directly attached, typically for customer end users. Permissions can be tailored for these users, such as in the case of an IT team for a sub-customer.
What if a SAML user logs in when they have a local account already?
When a user who already has a local account (with username/password) signs in via SAML SSO for the first time, ChangeBreeze automatically converts their account to a SAML-only account.