User Authentication and Provisioning
CaliberMind is a passwordless system. It doesn't create or store user passwords. Instead, we utilize trusted platforms for user authentication and verification.
Below is a short list of login methods people use for CaliberMind.
For organizations that use Salesforce CRM, CaliberMind offers user authentication via Salesforce Identity services. This method allows users to sign in with their username and password the same way they normally would to login to the Salesforce platform, following the same security measures you've enabled for your organization in Salesforce (automatic sign-in, Two-Factor Authentication, etc.).
Users who choose to authenticate through Salesforce can be reviewed via the Admin console -> Security Center -> "Investigation tool" as outlined here.
If your organization uses Google Workspace, CaliberMind allows user authentication via Google Identity OAuth 2.0. This method allows users to sign in with their company-issued email and self-designated password, which is then authenticated and authorized based on your organization's security protocols (automatic sign-in, Two-Factor Authentication, etc.).
Users who have authenticated through this method can be reviewed via the Audit and Investigation reporting "User Log Events" as outlined here.
If your organization allows users to log in with a Microsoft Account, CaliberMind allows user authentication via the Microsoft Identity Platform. Users must have a Microsoft Account, or the organization must have registered an application with the Microsoft Identity Platform to allow this option. This method allows users to sign in with their Microsoft Account with the same authentication methods required by your organization's user management and security settings.
Users who authenticate through this method can be reviewed via the Monitoring "Sign-in logs" section as outlined here.
If your organization requires service provider (SP) SAML authorization through an identity provider such as Auth0, Okta, Microsoft Azure AD, or OneLogin, CaliberMind offers user authentication via your organization's custom SSO configuration. While this option is available for Enterprise customers or organizations that require additional degrees of authentication control, additional connector fees may apply.
For setup and additional information, please see our KB Article here.
After your organization has finalized a contract with CaliberMind, we will provision your organization's CaliberMind environment. Once this is complete, we will add the email address of your organization's project leads as an Administrator.
When an individual logs into the CaliberMind platform using the email address in an uploaded list with appropriate roles provided to CaliberMind during onboarding, they will automatically be assigned the designated user role.
Inside the CaliberMind platform, there are 3 types of user roles:
- Administrator: Able to add new users, modify user roles, add or remove connectors, configure engagement scoring, configure object manager, download lists, create dashboards, etc.
- Standard: Able to view reports
- Disabled: Blocked from accessing the CaliberMind environment
For individuals who were not previously added as users within the CaliberMind platform, once a user has authenticated their email through one of the available authentication methods, the user's email domain is matched against your organization's website domain used when your CaliberMind environment was first provisioned.
If the user's email domain matches your organization's website domain, then the user is auto-provisioned. Individuals who are auto-provisioned will have a new user created using the "Default New User Role" set for the organization in your Setup Console.
If the "Default New User Role" is set as "Disabled" (this is the option we select when your CaliberMind environment is first provisioned), then the user will be created with a "Disabled" role and will not be able to access your instance. An Administrator will need to change their user role to "Standard" or "Administrator" to allow them access to the system.
If the "Default New User Role" is set as "Standard", then the user will be created with a "Standard" role and immediately gain access to reports.
It's possible for users with email domains that don’t match your organization's domain to be provided with access to your CaliberMind environment. However, a user with Administrator role permissions must manually invite them to provide access. Otherwise, they will be blocked from accessing the system.
For additional information on how to add new users or modify user roles, please see our KB Article here.