Skip to main content

User Management with and without SSO in Falcon, as well as Social Login

Learn about the different login options available in Falcon.

Jonas Steeger avatar
Written by Jonas Steeger
Updated this week

Prerequisite: SSO must be activated in the Hub

Before people can be integrated or invited to Falcon via Single Sign-On (SSO), SSO must be set up and activated by the IT department. Only then will the functions described below be available.

SSO is not the same as Social Login

SSO and Social Login are often confused but follow different approaches:

SSO (Single Sign-On):
Uses a central identity provider (e.g., Microsoft Entra ID or Okta), which is managed for the entire organization. Login usually takes place organization-wide via existing work accounts. SSO must be explicitly set up by IT for the Falcon Hub.

Social Login:
Allows login with a personal Microsoft or Google account — regardless of whether this account belongs to the organization. Ideal for smaller teams or individuals without central IT management.

➡️ Falcon offers both options. However, if the hub is configured for SSO, only authentication via SSO is possible.

1. Inviting Users Without SSO

Even after SSO is activated, new accounts can still be created the traditional way using the "Add Person" function and invited via email. Simply do not select an identity provider from the dropdown menu in the invitation dialog. These users will continue to log in with a username and password — as before.

➡️ Recommended use: Ideal for people who do not have access to a connected SSO account (e.g., external consultants, temporary roles, etc.).

2. Direct Invitation via SSO (Dropdown in Invitation Dialog)

When adding new users, you must select an identity provider from the dropdown menu in the invitation dialog. The invited person can then authenticate in this hub exclusively via the selected provider.

When an identity provider is chosen, the invited person will receive an email with a link to log in via the configured identity provider.

➡️ Recommended use: For everyone who is part of your organization and has a connected account.

3. Linking Existing Accounts to SSO Afterwards

Accounts that were created earlier (e.g., before SSO was introduced) can be linked to an identity provider afterwards:

  • In the user management section, right-click on the desired person.

  • Select the “Assign Identity Provider” option in the “Edit Identity Provider” menu.

  • In the modal that opens, select the identity provider.

After confirmation, the account will be managed exclusively via SSO from that point on.

➡️ Note: The email address of the Falcon account must match the email in the identity provider. Once an identity provider is assigned, the email address can no longer be changed

Related Articles
Falcon for users
New login notification
Login with Microsoft or Google (Social Login)
Identity Provider (IdP) – The Foundation for SSO in Falcon
Did this answer your question?