What are Authentication Methods?
Authentication methods control how users log into VIPER. You can require everyone to use Microsoft or Google SSO, allow traditional email/password login, or give users the flexibility to choose.
Available Options
Option | Description | Best For |
Allow Any Method | Users choose Microsoft, Google, or Email/Password | Maximum flexibility |
Require Microsoft SSO | Only Microsoft authentication allowed | Organisations using Microsoft 365 / Azure AD |
Require Google SSO | Only Google authentication allowed | Organisations using Google Workspace |
Email/Password Only | Traditional login without SSO | Organisations without SSO infrastructure |
How to Configure Authentication Methods
How to Configure Authentication Methods
Go to Settings
In the Company Branding & SSO Settings panel, locate the authentication method dropdown
Select your preferred option
Enter your Admin Contact Email (required)
Click Save Settings
Restricting access to a company domain.
Restricting access to a company domain.
If you are specifying what email domain will have access, utilise the "Use the Impact Preview" to ensure all current users will still have access. Particularly important if you have contractors set up in your User Register.
Scheduling Changes with Advance Notice
Scheduling Changes with Advance Notice
If you're changing from a flexible policy to a stricter one, consider giving users time to prepare:
Configure your authentication method
Set the Policy Effective Date to a future date
Click Save Settings
Users will see a warning when logging in but can still access VIPER until the effective date.
Common Questions
Common Questions
"What happens to users who don't have Microsoft/Google accounts?"
If you require Microsoft or Google SSO, users without those accounts will be blocked from logging in. They'll see a message with your Admin Contact Email so they know who to contact.
"Will this affect our operators?"
No. Users marked as Operator Only are automatically exempt from SSO policies. They use the separate VIPER Operator app and can continue logging in with email/password.
"Can I change the authentication method later?"
Yes. You can update the authentication method at any time. If you're making the policy stricter, consider using a scheduled effective date to give users advance notice.
"What's the difference between 'Allow Any Method' and 'Email/Password Only'?"
Allow Any Method lets users choose between Microsoft SSO, Google SSO, or email/password. Email/Password Only disables SSO options entirely—users must use traditional login credentials.
"Why can a User no longer access their VIPER app?"
Confirm they do not fall outside of any allowed email domains. You can choose to add the additional email domain, or allow all domains.
"What if I accidentally lock out legitimate users?"
If you save settings that block users unintentionally, immediately return to Settings and either add their email domains to the Allowed Email Domains list or clear the list entirely to allow all domains. Changes take effect immediately.
"Do I need to configure SSO with Microsoft or Google before selecting those options?"
No. VIPER's SSO integration with Microsoft and Google is already configured. When you select "Require Microsoft SSO" or "Require Google SSO", users will automatically be prompted to authenticate with those providers when they log in.
"What do users see when there's a scheduled policy change?"
Users who don't comply with the upcoming policy will see an "Upcoming Policy Change" alert when they log in.
The warning explains:
When the policy takes effect (e.g., "Starting 03 Feb 2026 at 12:00 AM")
What restrictions will apply (e.g., "your email domain will no longer be allowed and you will need to sign in using Microsoft SSO")
Your admin contact email for questions Users can still access VIPER normally until the effective date arrives.
After that date, the restrictions will be enforced.