Hide Authentication Options from 4me Users

Most organizations have activated single sign-on (SSO) in their 4me accounts. They rely on their identity provider (such as Azure AD, Okta or OneLogin) to ensure that people are authenticated before they can access 4me. Two small usability improvements have been introduced to make sure that people from such organizations do not see any unnecessary information in the ‘Access & Security’ section when they access their profile in 4me:

  1. When the SSO configuration of a 4me account dictates that its users should not be asked to enter a 4me two-factor authentication code, users no longer see the option to activate 2-Factor Authentication.
  2. When users are not allowed to bypass single sign-on, they have no need for a 4me password.  So when the option ‘Allow users to bypass this Single Sign-On…’ has been left unchecked in the SSO configuration of an organization’s 4me account, its users no longer see the option to change their 4me password.

Single sign-on configuration options

When the first option is checked and the second is unchecked, the entire ‘Signing in to 4me’ segment is now hidden for all specialists.  With those settings, end users are also no longer confronted with this section when they access ‘My Profile’ in 4me Self Service or the 4me App.

Access and Security section in 4me

This can avoid some confusion, because many people understandably did not see why they would have the option to set a 4me password or activate multi-factor authentication in 4me when their access is controlled by their organization’s identity provider.

Note, however, that the owner of a 4me account will always see the change password and 2FA options. That’s because the account owner must always be able to bypass single sign-on. Otherwise, organizations would not be able to recover when their single sign-on integration stops working. And because an account owner’s access can be used to do serious damage to the setup of a 4me account, the access of an account owner should always be secured with multi-factor authentication.