Skip to main content

Authentication

Adcyma provides enterprise-grade authentication through two secure methods: Magic Links (default) and Microsoft Entra ID Single Sign-On (recommended). Traditional password-based authentication is not supported to ensure maximum security and reduce attack vectors.

Overview

Our authentication system prioritizes security and user experience by eliminating password-related vulnerabilities:

  • Magic Links - Default passwordless authentication via email verification
  • Microsoft Entra ID SSO - Recommended authentication method for enhanced security

Security Philosophy

Zero-Password Security

Adcyma does not store or manage user passwords. This eliminates risks associated with password breaches, weak passwords, and credential stuffing attacks.

Why we chose these methods:

  • Eliminates password vulnerabilities - No passwords to crack, steal, or compromise
  • Reduces attack surface - Fewer authentication vectors to secure
  • Improves user experience - No passwords to remember or reset
  • Flexible deployment - Start simple, upgrade when ready
  • Multi-factor capable - Both methods support additional security layers

Overview

Magic Links are the default authentication method for Adcyma, providing secure, passwordless access by sending time-limited authentication links directly to verified email addresses.

  1. User initiates login with their email address
  2. System generates secure token with expiration time
  3. Email sent containing unique authentication link
  4. User clicks link to complete authentication
  5. Automatic login with session establishment

Security Features

  • Time-limited tokens - Links expire after 15 minutes
  • Single-use authentication - Each link can only be used once
  • Email verification - Confirms user controls the email address
  • Rate limiting - Prevents abuse (5 requests per hour per email)
  • Secure token generation - Cryptographically secure random tokens
  • Session management - Configurable session duration with automatic extension

User Experience

  1. User enters email address on login page
  2. System sends magic link to verified email address
  3. User checks email and clicks authentication link
  4. Automatic redirect to Adcyma with active session
  5. Session persists based on configured duration

Magic Links are available when:

  • SSO is disabled (default state)
  • Administrator has turned off SSO
  • Organization chooses to use email-based authentication

Overview

Microsoft Entra ID SSO provides enhanced authentication by integrating with your Microsoft identity infrastructure. This is the recommended authentication method for all organizations seeking improved security and user experience.

Recommended for All Organizations

SSO with Microsoft Entra ID provides superior security, better user experience, and centralized access management compared to Magic Links.

How SSO Works

  1. User accesses Adcyma application
  2. System redirects to your Microsoft Entra ID tenant
  3. User authenticates with corporate Microsoft credentials
  4. Entra ID redirects back to Adcyma with authentication token
  5. User gains access to Adcyma with appropriate permissions

Benefits of SSO

Security Advantages:

  • Leverages Microsoft's enterprise security infrastructure
  • Inherits your existing multi-factor authentication policies
  • Centralized user management and access control
  • Comprehensive audit trails through Microsoft security logging
  • Eliminates email-based authentication vectors
  • Advanced conditional access policies

User Experience:

  • Single sign-on across Microsoft ecosystem
  • No additional credentials to manage
  • Familiar Microsoft authentication interface
  • Automatic session management
  • Faster authentication process
  • No need to check email for access

Administrative Benefits:

  • Centralized user provisioning and deprovisioning
  • Group-based access control from Entra ID
  • Integration with existing Microsoft security policies
  • Simplified user lifecycle management
  • Real-time access control changes

SSO Administration

Enabling SSO:

  • Administrators can enable SSO through Adcyma settings
  • Requires Microsoft Entra ID configuration
  • Magic Links automatically disabled when SSO is active

Disabling SSO:

  • Administrators can turn off SSO at any time
  • Magic Links become available again immediately
  • Users can choose their preferred authentication method

Flexible Configuration

Administrators have full control over authentication methods and can switch between Magic Links and SSO as organizational needs change.

Authentication States

SSO Enabled State

When SSO is enabled by administrators:

  • All users authenticate through Microsoft Entra ID
  • Magic Links are not available
  • Centralized access control through Entra ID groups and policies
  • Enhanced security through Microsoft's identity platform

SSO Disabled State (Default)

When SSO is disabled (default state):

  • Magic Links are the active authentication method
  • Email-based authentication for all users
  • Flexible access without Microsoft infrastructure requirements
  • Simple deployment and user management

Choosing Your Authentication Method

Benefits for any organization:

  • Enhanced security compared to email-based authentication
  • Better user experience with single sign-on
  • Centralized identity management
  • Advanced security policies and monitoring
  • Professional authentication experience

Requirements:

  • Microsoft Entra ID tenant (Office 365 or standalone)
  • User accounts in Entra ID
  • Administrator access to configure integration

Suitable when:

  • Quick deployment needed without infrastructure setup
  • Temporary or project-based access requirements
  • Preference for email-based authentication

Account Recovery and Access Issues

If SSO Access Is Lost

When SSO is enabled and access issues occur:

  1. Contact your IT Administrator first for Entra ID-related problems
  2. Contact Adcyma Support if administrator cannot resolve
  3. Provide setup information for company verification if needed
  4. Administrator can disable SSO to restore Magic Link access temporarily

When Magic Links are enabled and access issues occur:

  1. Check email delivery and spam folders
  2. Verify email address is correct and accessible
  3. Contact Adcyma Support with setup information for verification
  4. Company verification process using original registration details

Setup Information for Verification

  • Organization details from initial registration
  • Administrative contact information
  • Original configuration details
  • Billing and subscription information

Security Best Practices

Email Security:

  • Use corporate email addresses when possible
  • Implement SPF, DKIM, and DMARC for your domain
  • Monitor for suspicious authentication patterns
  • Educate users about prompt email checking

User Guidelines:

  • Check email promptly after requesting authentication
  • Don't share authentication links
  • Use links from the same device when possible
  • Report suspicious authentication emails

Entra ID Configuration:

  • Enable multi-factor authentication for all users
  • Configure appropriate conditional access policies
  • Implement group-based access controls
  • Regular review of user permissions and access
  • Monitor Entra ID audit logs

Ongoing Security:

  • Regular access reviews and user audits
  • Implement least privilege principles
  • Monitor authentication patterns
  • Keep security policies updated
  • Plan for SSO availability and backup procedures

Troubleshooting

Email Not Received:

  • Check spam/junk folders
  • Verify email address spelling
  • Wait an hour and try again
  • Ensure corporate email servers aren't blocking emails sent from support@adcyma.com

Link Problems:

  • Links expire after 15 minutes
  • Each link is single-use only
  • Request new link if expired or used
  • Use same device/browser when possible

SSO Issues

Cannot Access Adcyma:

  • Verify Microsoft account has appropriate permissions
  • Check Entra ID group memberships
  • Ensure account is active in Entra ID
  • Contact IT administrator for access issues

Redirect Problems:

  • Clear browser cache and cookies
  • Try different browser or incognito mode
  • Disable browser extensions temporarily
  • Verify correct Adcyma organization URL

Administrator Recovery:

  • Administrators can disable SSO to restore Magic Link access
  • Contact Adcyma Support with company verification if needed
  • Use setup information for identity verification

Administrative Controls

Switching Authentication Methods

To Enable SSO:

  1. Configure Microsoft Entra ID integration in Adcyma Identity provider settings
  2. Notify users of the change
  3. Enable SSO (Magic Links automatically disabled)

To Disable SSO:

  1. Access Adcyma Identity provider settings
  2. Disable SSO authentication
  3. Magic Links immediately become available
  4. Notify users of authentication method change

Planning Authentication Strategy

Consider enabling SSO when:

  • Enhanced security is required
  • Centralized user management is desired
  • Professional authentication experience is needed

Consider using Magic Links when:

  • Rapid deployment is needed
  • No Microsoft infrastructure available
  • Temporary access requirements
  • Email-based authentication is preferred

Getting Started

Adcyma starts with Magic Links enabled by default. Administrators can enable Microsoft Entra ID SSO when ready for enhanced security and centralized authentication management. The choice between authentication methods can be changed at any time based on organizational needs.

For guidance on choosing the right authentication method or configuring SSO, contact Adcyma support for assistance tailored to your organization.