==============
Authentication
==============

ACM is designed to be integrated with a customer Single Sign On (SSO) platform. We support almost any SAML or OIDC-compliant Single Sign On product, and have integration guides available for Okta, Azure AD and others.

We support the Service Provider-Initiated (SP) sign-on flow for both SAML and OIDC. Your account will be assigned a specific login URL for use by your users:

For customers onboarded in the U.S. version of ACM: https://acm.hydrantid.com/login/**

Integration Guides and web conference support for setting up SSO will be provided during the Customer Onboarding process. If you are an existing customer and want to change SSO providers, please contact acmsupport@hydrantid.com for more information.

.. image:: ACMScreenshots/ACM-LogIn.png

ACM can act as the Identity Provider for your integration. This means your users must log in directly to ACM using credentials issued by our platform.

ACM enforces two-factor authentication by default for the following roles:

* Account Admin
* Account Auditor
* Organization Admin
* Organization Auditor

This means that a Time-based One-time Password (TOTP) is required in addition to the user's email address and ACM password. If you were an Admin in the previous version of the portal, this replaces the use of digital certificates for authentication.

.. image:: ACMScreenshots/ACM-2FAVerification.png

ACM is optimized for Google Authenticator but has been successfully tested with:

* Google Authenticator
* Microsoft Authenticator
* Duo Security Duo Mobile
* LastPass Authenticator

The Requestor role only requires a user email address and password. Two-factor authentication may be added by editing the user's **Profile** and clicking the "Enable" link. The user will be prompted to set up their TOTP device on the next login.