The MantisHub team is excited to announce the release of OpenID federation support for single sign-on! With our AuthHub plugin, we provide OpenID Connect with multiple identity providers.
What is OpenID Connect? Well, in a nutshell, our AuthHub plugin allows you to enable federation-based authentication for single sign-on (SSO). It also allows the auto-provisioning of users. So on valid authentication from your centralized identity provider, a user's MantisHub account is automatically created!
The following identity providers are supported with qualifying plans:
- Azure AD (Office 365) – for Platinum volume plans (200, 300, 500, 1000 users)
- Google / Google Suite – for Platinum volume plans (200, 300, 500, 1000 users)
- GitHub – for Gold plans and above
- Bitbucket – for Gold plans and above
Check out our pricing page for details.
For companies that use any of the supported identity providers, switching over to SSO rather than your standard MantisHub username and password adds a wide range of benefits.
For your users:
- Users don’t have to manage yet another username and password, and they get all the other advantages of SSO (single sign-on). So that means changing passwords just once! And if they are already logged in, just one click of a button will get them into their MantisHub account!
- User accounts can be auto-provisioned, so there is no need to coordinate with an administrator and no lag between needing to access MantisHub and being able to access it.
- Hashed user credentials are not stored on MantisHub servers.
For your administrators and enterprise security:
- Users authenticating via your enterprise identity providers will honour policies configured by the administrator in accordance with your enterprise security policies. For example, using FIDO devices, multi-factor authentication, password complexity, recurring password changes, protection against password spray attacks, etc. are all enforceable.
- Once a user account is disabled, like when an employee leaves your company, administrators just need to revoke access in one place and access to MantisHub and other federated SaaS applications will be blocked.
- AuthHub can be configured to lock down a list of users or domains to only permit login via your identity provider while allowing other users to log in with MantisHub standard login.
- The AuthHub plugin can be configured to allow auto-provisioning of users with your chosen access level on successful sign-on. This can be scoped to a configured list of email address domains. This reduces manual work to onboard your team and reduces human error.
Want to get started?
Check out MantisHub’s knowledge base articles for more information including configuration options:
- Office365 Authentication
- Google Suite / Google Authentication
- GitHub Authentication
- Bitbucket Authentication
And if you have questions, please reach out to our lovely MantisHub support team.
API tokens provide users with more control, convenience, visibility and security when providing other services and apps access to their MantisHub.
Here are some of the benefits of API tokens compared to use of passwords:
- Tokens are 32 characters long and cryptographically secure, hence, they are much more secure than user passwords.
- Tokens are generated by MantisHub, hence, they are not passwords shared with any other internet services that the users use.
- Users have visibility on when each token was last used to access MantisHub.
- Users can revoke one of the tokens without impacting others. Hence, they can selectively deny access to specific services.
- Users can change their passwords without affecting the validity of the API tokens.
Users can generate API tokens via My Account – API tokens. The tokens are only displayed once and should be used for one integration. The tokens can be passed in the password field when calling the MantisHub SOAP APIs. Note that they can’t be used to log in via the MantisHub login page.