The platform supports a wide range of login providers. Users who have registered directly with your site can log in using the email address and password they created during registration. Alternatively the platform lets users log in using Facebook, Google, Amazon, LinkedIn, Twitter and a range of SAML and LDAP integrations.
Users will log into your site either by going straight to the login article, or by being prompted to log in when they try to access secure content.
The Login Process
When a user tries to access secure content, by following a link to a secured page, they'll have to log in before they can reach it. Once they've successfully logged in they'll be redirected to the secure content they were trying to view. The platform checks that they are a member of one of the groups the secure content has been secured to, and if they are, they'll be able to see it. If not, they'll see a security warning.
If a user goes straight to your site login article and successfully logs in, they'll end up in one of two places. The login article lets you set a "welcome" article, which we generally set as an article using the My Account template. If you don't set a welcome article, the user will be redirected to your site's homepage.
Users who have registered directly with your site can log in using their username (by default, their email address) and password. Repeated failed logins can cause a user to become locked out.
Log in with Another Provider
You can set up the Authentication template to let users log in with another account, like Facebook, Google, or an internal system like ADFS. Each of these login methods is known as a provider. Setting up new providers requires some technical knowledge and is fully described in the Authentication documentation.
When a user logs in using an external provider, an account is created for them with the details returned from the provider. Before being directed to an external provider, a user will have to give their consent to your site accessing their information.
The consent messages, and what happens if a user refuses consent, are all set up in the the Authentication worker. The user information we typically save from the external provider includes their name and email address (if present).
However a user logs in, when they do they'll be added to your site's default user group. Having a default user groups for all users means you can set up articles like My Account so that all logged-in users can access them.