Authentication is a balancing act.
On one hand, you want to keep your data and systems safe. Conversely, you don’t wish for security measures to get in the way of your team’s productivity.
At Treblle, we’ve been thinking a lot about how to make this easier for you. With Treblle 3.0, we’ve introduced several key authentication features:
- Single Sign-On (SSO)
- Multi-Factor Authentication (MFA)
- Social Sign-On
The aim is to make your workspace safer and accessible without compromising security or convenience.
This blog will introduce you to these new features, explaining how they work, why they’re essential, and how you can use them in your Treblle workspace.
Understanding the Basics
Before jumping into how Treblle integrates these features, let’s quickly define them.
What is SSO (Single Sign-On)?
Single Sign-On (SSO) lets you log in once and access multiple applications or systems without needing to reauthenticate every time.
For example, if your team uses Okta or SAML, you can link it with Treblle to let users log in with their company credentials. This feature leads to no more problems of " forgot password” emails or manually managing account access for each teammate.
What is MFA (Multi-Factor Authentication)?
MFA adds an extra step to the login process, typically requiring something you know (like a password) and something you have (like a mobile authentication app).
This means that even if someone can grab your password, they still can’t get in without that second verification step, which adds a layer of protection.
What is Social Sign-On?
Social Sign-On allows users to log in with existing accounts, such as Google or GitHub. It’s perfect for teams that prefer using existing credentials over creating new ones.
Setting Authentication in Treblle
Now that you know the “what” and the “why,” let’s talk about the “how.”
Setting Up SSO
- Go to the Authentication Settings Page: As a workspace owner, navigate to your workspace’s settings and locate the Authentication section.
NOTE: Only the workspace owner can access this setting.
Treblle Authentication Settings Page
- Select the Authentication Type: You can choose between SAML and OpenID Connect, depending on your identity provider. If unsure, your IT admin or provider’s documentation can help.
Selecting Authentication Type inside Settings
- Input Required Fields: Enter the required information from your identity provider, such as the Assertion Consumer Service URL, Identity Provider Issuer, and Identity Provider Certificate (IdP).
This method ensures secure communication between Treblle and your provider.
Required fields inside SSO configuration
- Save and Test the Configuration: Test the connection once you complete the setup to ensure users can authenticate successfully.
Logging in with SSO
Once you set up SSO, logging in is simple:
- Go to the Sign In page.
Login to Treblle account with SSO
- Click on Sign in with SSO.
- Enter your organization’s identifier, and you're in!
- Log in with your Social Sign In (SSO) - Google or GitHub.
Enabling MFA
Adding an MFA is just as straightforward:
- Go to Account Settings and search for Multi-Factor Authentication.
Multi-Factor Authentication inside Account settings
- Click on Enable MFA.
- A QR code and a password field will appear. Scan the QR code with your authentication app and verify the MFA to save it.
QR code and a password field needed for MFA verification
These steps ensure your workspace stays secure while being easy to access.
How Authentication Works in Treblle
With Treblle’s new authentication features, security and accessibility go hand in hand.
SSO Flow Across Workspaces
Once you enable SSO in a Treblle workspace, team members can log in using their organization’s identity provider.
If someone switches between an SSO-protected workspace and a standard one, Treblle prompts them for extra authentication to ensure no one accidentally stumbles into areas they shouldn’t.
Adding MFA for Extra Security
Layering MFA on top of SSO gives your workspace an additional shield.
For example, after logging in with SSO, a user might also need to enter a six-digit code from Google Authenticator before gaining access. This setup is simple and ensures an extra layer of protection.
Social Sign-On for Flexibility
Social Sign-On offers a quicker way for smaller teams or contractors to start. Instead of creating new accounts, team members can link their Google or GitHub accounts and get straight into the workspace.
Why These Features Matter for Teams
1. Stronger Security
By centralizing login credentials through SSO and adding MFA, you reduce the number of attack vectors for potential breaches.
With fewer passwords, there’s less risk of someone reusing weak or compromised credentials.
2. Better Team Management
SSO simplifies onboarding and offboarding.
When someone joins your team, you don’t need to create accounts manually—just add them via your identity provider.
When someone leaves, revoke access at the provider level, and they’re automatically locked out of Treblle.
3. Flexibility for All Users
Only some people want to log in the same way.
Social Sign-On allows your team to pick what works best for them, whether that’s Google, GitHub, or traditional credentials.
Best Practices for Using Authentication Features
To get the most out of Treblle’s new authentication options, keep these best practices in mind:
- Consistently Enforce MFA: This should be non-negotiable for workspaces handling sensitive data.
- Audit Access Regularly: Check who has access to your workspace and remove anyone who no longer needs it.
- Document Your SSO Policies: Ensure your team knows how to handle login issues or report suspicious activity.
Conclusion
Treblle 3.0 introduces authentication features that secure your workspace without adding unnecessary complexity.
Whether using SSO for centralized login, MFA for added protection, or Social Sign-On for quick access, these tools are here to improve the developer experience when building your APIs and your team.
Try them out and let us know what you think. We’re always looking for ways to improve Treblle for developers like you.
Top comments (0)