Enhanced Login Experience guide¶
Starting from version 1.50, Lightrun has released a series of improvements to our login experience, designed to boost security, simplify admin workflows, and streamline user experience.
This document is intended for administrators managing the Lightrun environment within your organization. It covers the experience, the process for upgrading your organization to the updated experience, and the rollout timeline.
Single login experience¶
The Lightrun login experience offers a seamless, secure, and intuitive process with features designed to improve usability for both users and administrators.
For users:
- Dedicated Login Page: A simplified login experience that shows only the relevant method for each user, reducing clutter and confusion.
- Onboarding Emails: New onboarding emails instruct users on how to log in, boosting adoption and engagement right from the start.
For administrators:
- Single Login Method: More control and security by allowing users to log in only via the selected method, such as SSO. This reduces risk and simplifies management.
- Enhanced Identity Configuration: A user-friendly interface tailored to your selected login method, making configuration easier than ever.
- Email verification for users: Mandatory email verification is required to prevent issues like fictitious emails or typos, enhancing data accuracy and security.
- No more initial password setup: Admins no longer need to set user passwords. Users will now receive an email to set up their own, improving security and user experience.
- Password generation for non-SMTP environments: Admins can now generate passwords for new users in non-SMTP environments and manually send them, ensuring smooth onboarding.
FAQs¶
Functionality¶
Question: What login methods are supported by Lightrun?
Answer
Lightrun supports the following login methods:
- Password: Users log in using username/password. Credentials are managed by Lightrun. This method allows for personalized security but requires users to remember their chosen password.
- Google authentication: Users log in with their Google account credentials.
- Single Sign-On (SSO): Users log in using organizational credentials stored in your Identity Providers (IdPs) like Okta or Microsoft Entra ID (formerly known as Azure AD).
For more information, see Manage user login and authentication.
Question: Can SSO and Google or Password login methods be used in simultaneously?
Answer
No, only a single login method can be enabled per organization.
Activating the new experience¶
Question: Will the login experience be active when upgrading to 1.50?
Answer
No, as SaaS and single tenant users, you will see a new login dialog requesting your email. After entering your email, the login process remains unchanged. To get the new experience, admins need to actively upgrade to the new experience.
Question: What versions and deployment types support the enhanced login experience?
Answer
The new login experience is available from version 1.50 for all Lightrun deployment types: SaaS, Single tenant, and on-premise.
Question: How do I activate the new login experience?
Answer
The new login experience impacts all the users in the organization and must be activated manually by the administrator after upgrading to version 1.50 or later.
To activate the enhanced experience:
- Upgrade to version 1.50 or later.
- Navigate to the Identity Configuration page in the Lightrun Management Portal.
- Click Activate to enable the new experience.
The change is permanent and cannot be reverted once activated.
Question: Can I revert to the previous experience after activating the new one?
Answer
No, reverting to the previous login process is not possible once the new experience is enabled. This is an essential change designed to enhance security and usability, ensuring a more seamless and streamlined experience.
Question: Can I select the password login method if an SMTP server is unavailable?
Answer
Yes, you can select the password login method even if an SMTP server is unavailable. For more information, see Set up password login without an SMTP service.
Question: My organization has both SSO and self-service options available. With the new experience, administrstors can choose only one method. What should I do?
Answer
When selecting a single login method, the following changes will occur:
- If you select SSO: Users currently accessing their accounts with a password will encounter an error message. To restore access, these users must be added to your identity provider (IdP).
- If you select Password: Users currently using SSO will automatically receive an activation email prompting them to set a password and activate their account.
Rollout and timeline¶
Question: Is it required to switch to the new login experience?
Answer
The new login experience is intended to become the default. To allow organizations sufficient time to plan, both current and new experiences will run in parallel until mid-2025. A 90-day notice will be issued before the cut-off date to provide ample time for preparation.