Skip to main content

User access & authentication management

Updated this week

Managing user access and authentication is an important part of keeping your Intigriti organization secure and well structured. This article explains how you can manage authentication methods for company members, invite members to your company or specific programs, and deactivate members when access is no longer needed.

⚙️ Roles: Company Admin

Invite members

You can invite new members to your organization either from the company settings or directly from a program. The available options depend on where you start the invitation.

Invite company members

Use this option when you want to add someone to your organization first.

  1. Go to Admin and open Company members.

  2. Select Add member.

  3. Enter the member’s email address.

  4. Choose the company role: member or admin.

  5. Choose how the member will sign in. If single sign-on is enabled, you can choose between password or single sign-on.

  6. Add a personal message to the invitation if needed.

  7. Send the invitation.

After you send the invitation, the user receives an email to create an Intigriti account. You can track the invitation in the Invites tab. Once the user completes registration, they appear in the Members list.

Invite program members

Use this option when you want to invite someone directly to a specific program.

  1. Open the program.

  2. Go to Members.

  3. Select Add member and then Add new member.

  4. Enter the member’s email address.

  5. Choose the program role: reader, member, editor or admin.

  6. Choose how the member will sign in. If single sign-on is enabled, you can choose between password or single sign-on.

  7. Add a personal message to the invitation if needed.

  8. Send the invitation.

After you send the invitation, it is visible in both the program’s Members section and in the Admin Company Members section.

Once the invitation is accepted, the user gains access to the program with the role you assigned.

If the invitation expires before it is accepted, you can resend it from Admin > Company members. Resending an invitation is not possible from the program view.

Configure authentication method

You can configure how company members authenticate from the company members overview.To configure an authentication method:

  1. Go to the Admin section.

  2. Open Company members.

  3. Locate the company member you want to manage.

  4. Open the member’s action menu.

  5. Select the authentication method:

    • Password, which uses Intigriti-specific credentials.

    • Single sign-on, which uses your configured identity provider credentials. To use this option, you must first activate an SSO integration.

  6. Save your changes.

After saving the authentication method, the company member receives an email with setup instructions.

⚠️ Beware: This setup must be completed within 24 hours before the invitation expires. If the invitation expires before setup is completed, you can resend the invitation as needed.

Company members who use password-based authentication can optionally enable two-factor authentication to add an extra layer of security during sign-in.

💡 Note: Two-factor authentication cannot be enforced at the company level. Each company member can choose whether to enable it for their own account.

From password to SSO

Enabling single sign-on switches the company member from using Intigriti credentials to authenticating through your configured identity provider.

After SSO is enabled, the company member receives an email with setup instructions. Once the setup is completed, the member no longer uses Intigriti-specific credentials. For security reasons, the member’s password and any two-factor authentication backup codes are permanently removed.


From SSO to password

Disabling single sign-on switches the company member from logging in via the identity provider to using Intigriti credentials.

After SSO is disabled, the company member receives an email with instructions to set up password-based access. Once the change is complete, the member is no longer redirected to the identity provider when signing in and instead logs in using an Intigriti password of their choice.

If the member’s previous Intigriti credentials were removed for security reasons, they are prompted to create a new password during setup.

Deactivate members

If a member should no longer have access, you can deactivate their account. Deactivated members can no longer sign in to the Intigriti platform. To deactivate a company member:

  1. Go to Admin and open Company members.

  2. Locate the member you want to deactivate.

  3. Open the member’s action menu.

  4. Select Deactivate member.

Once deactivated, the member immediately loses access to the platform.

💡Note: Users cannot be permanently deleted from the platform. This ensures that all past actions remain traceable and auditable.

Best practices

  • Review company members regularly and deactivate users who no longer need access.

  • Use single sign-on where possible to centralize access management and align with your internal security policies.

  • Encourage company members using password-based authentication to enable two-factor authentication for added security.

  • Monitor pending invitations and resend expired invites promptly to avoid onboarding delays.

  • Assign roles carefully and follow the principle of least privilege when inviting members and granting access.

Related articles

Did this answer your question?