Softdrive has an authentication system that is used for both logging into the remote desktop software and into your Softdrive management dashboard. Users with default permissions (non-admins) will have reduced access to features of the management dashboard - only being able to see and interact with their own PCs.
As a team admin, you can manage your team's authentication settings by going to the Security page on the management dashboard.
Softdrive provides two authentication providers out of the box: Softdrive login (email + password), and Microsoft login. By default, both options are enabled for new teams. If you'd prefer to restrict your users to one of the two options, you may do so in the dashboard. If all of your users are logging in with only one of the options, it's a good idea to disable the other.
Softdrive also supports custom OIDC and SAML authentication providers, if there is another authentication provider you would like to use or if you are running your own authentication provider that supports either of these standards.
When a new user is invited to Softdrive, if Softdrive Login is enabled they will be asked to create a password. Using the email that they are registered with and this password, they will be able to login to the remote desktop software, and connect to any of their Cloud PCs or remote PCs. They will also be able to login to the management dashboard using these credentials.
When a new user is invited to Softdrive, their email is registered with our authentication service. Users are able to use Microsoft Login as a Single-Sign-On (SSO) authentication option by logging into the Microsoft account with the matching email address. Microsoft account emails are unique, so adding an email address as a new Softdrive user implicitly gives that Microsoft account access to Softdrive.
Softdrive supports the OpenID Connect (OIDC) and Security Assertion Markup Language (SAML) standards for custom authentication providers. This integration is not completely automated yet, so you'll need to contact us to configure this.
Softdrive supports SMS (texts to phone numbers) one-time codes as a form of two-factor authentication (2FA).
2FA means that two "things" (factors) are needed to prove your identity and be authenticated. In general, multi-factor authentication (MFA) means that more than one "thing" is needed to provide identity. Typically, one factor would be something you know (a password) and another factor would be something you have (a physical device, like a cell phone). Using 2FA has significant security benefits compared to just using an email and password or otherwise just using one authentication factor.
Microsoft claims that MFA can block over 99.9 percent of account compromise attacks.
Softdrive 2FA is enabled by default. It can be disabled on a team-wide or per-user basis.
Softdrive 2FA is applicable to all of our supported authentication providers; you can use Softdrive 2FA with Softdrive Login (email + password), Microsoft Login, or with any custom provider. Your authentication provider may be configured to use 2FA already, in which case you may choose to disable Softdrive Login for your team and disable Softdrive 2FA and still retain a high level of security.
Other Softdrive 2FA options, such as Authenticator, are coming soon.
To enable Microsoft Login for your organization, an Azure Active Directory (AD) administrator must follow these steps.
You can manage permissions around accessing Softdrive in Azure. Softdrive accounts must still be created on the Softdrive management dashboard. Without creating a Softdrive account, users won't have anything to login to even if their Microsoft account is authorized to use the Softdrive Enterprise App.
To restrict which users can login to Softdrive using Microsoft Login, follow these steps. Note that if Microsoft Login is your only enabled authentication provider, you can enable/disable Softdrive access for a user entirely within your Azure AD.