Guidance

The members you invite to use the GenStudio workspace need to authenticate themselves when they initially sign up and when they later sign in. You can choose one or more allowed methods that are consistent with the way users normally identify themselves in your organization. Enterprise Single Sign On (SSO) methods are available in advanced plans.

Google Authentication

If your organization has assigned IDs to your team such as Jane.Doe@yourcompany.com then you should use one (and just one) of our SSO methods. If your organization is a Google Workspace user then choose “Google” as an allowed authentication method.

Microsoft Authentication

Choose “Azure AD” if your organization uses Microsoft’s enterprise Azure AD (Active Directory) authentication service (soon to start being called Microsoft Entra ID). This usually applies to business or academic deployments of Microsoft oriented SSO. Do not confuse this with the Microsoft individual consumer authentication method called “Microsoft Account” assigned to individuals when they sign up for Outlook.com, Microsoft 365, Xbox, etc. A consumer Microsoft account holder will not be able to sign in with Azure AD.

With Azure Active Directory, Microsoft provides the identity platform as a service but you can modify some of the configuration and settings, such as adding your own custom domain name (to get @yourcompany.com) or requiring multi-factor authentication. Your Azure Active Directory instance is available via the Azure Portal and other management tools like PowerShell, the Azure CLI and the REST API.

Pick One SSO

If yours is a Google workspace shop, pick Google athentication. If yours is a Microsoft identity service shop, pick AD. This is the “Single” in SSO. It is the way you would primarily want members to sign in and sign up.

Alternate Authentication

If you do not have any single source of identity, or use a method we do not support (contact us and let us know) then you might choose multiple methods or all methods for authentication. Or if members will join your GenStudio workspace who are not part of your regular organization you will need to choose alternative authentication methods for them to use.

Generally, if your organization uses Microsoft Azure AD, you might choose email or email and Google as supported authentication. If your organization uses Google authentication, you might add email to allowed options.

One downside to allowing alternative authentication methods is that some of your organization members might become confused and try to sign in with an alternative method. You might find it easier to manage allowing only your primary authentication method and providing identities (email addresses) to outside users you invite to your workspace.

TL;DR

• Email: Useful for 3rd party users or for hetrogeneous teams.

• Azure AD: The primary choice for organizations with enterprise Microsoft authentication.

• Google: Useful for 3rd party users, hetrogeneous teams, or organizations using Google Workspace.