Who can use this feature?
- All roles with access level "high"
- Available on all plans
Every Catalyst user must be able to log into Catalyst via your organization's email or identity provider using one of these options:
Log in with Google
Catalyst users who authenticate with Google share name, email address, language preferences, and profile picture with Catalyst.
Log in with Microsoft
Catalyst uses Auth0 to manage Microsoft authentication (OAuth through our verified Azure application used for identification). Catalyst users who authenticate with Microsoft must provide permission for the Catalyst app to read and maintain access to your profile.
The specific permission granted is Microsoft Graph User.Read
; the data points passed include the following:
- name (first and last)
- family name
- given name
- job title
- nickname (typically the email without the domain)
- oid (unique universal id)
- phone
- picture (a link to gravatar or other available profile avatar)
- tenant id
- upn (unique identifier, typically the same as the email address)
Catalyst only uses the email to verify identity during the authentication callback and allow login. The other information is stored within Auth0 and is only accessible by a subset of Catalyst employees.
Log in with Enterprise SSO
If you use an identity provider (IdP), such as Okta or Azure, you can set up an SP-initiated SSO connection between Catalyst and your IDP using SAML 2.0.