Authentication
Flagsmith supports a variety of authentication methods for logging into the dashboard:
Supported in all versions
- Email and password
- GitHub
Two-factor authentication (2FA)
Two-factor authentication requires a Start-Up or Enterprise subscription.
Enterprise single sign-on (SSO)
Using the following authentication methods requires an Enterprise subscription:
- SAML
- Active Directory (LDAP)
- Microsoft ADFS
Please get in touch in order to integrate with LDAP or ADFS.
Enforcing authentication methods per email domain
You can force users with specific email domains to always use certain authentication methods when they log in to any Flagsmith organisation.
If you are using Flagsmith SaaS or private cloud, contact Flagsmith support. Make sure to mention which email domain(s) and authentication methods you want to allow for your users, and when would be a convenient time to enforce these restrictions.
If you are self-hosting Flagsmith, you can restrict authentication methods per email domain from Django Admin:
- On the Django Admin sidebar, click on "Domain auth methods".
- Click "Add domain auth methods".
- Enter the email domain that these restrictions should apply to, such as
example.com. - Select the authentication methods to allow for this email domain.
- Click "Save".
Disabling password authentication
If you are self-hosting Flagsmith, you can disable password authentication by setting the PREVENT_EMAIL_PASSWORD
environment variable on the Flagsmith API. This will also hide the username and password fields from the login screen.
Note that this does not disable password authentication for
Django Admin.
If you have a private cloud Flagsmith instance, contact Flagsmith support to disable password authentication once you have successfully set up an alternative authentication method.