> ## Documentation Index
> Fetch the complete documentation index at: https://docs.withorb.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

Orb's system supports a handful of login and authentication methods to help ensure the security of your Orb account.

These methods include:

* Password login
* [OAuth login with Google or Microsoft](#google-and-microsoft-login)
* [SAML SSO login (included only on certain plans)](#saml-sso)

Account Admins are able to make changes to the authentication configuration by visiting the "Security" tab under "Settings."

<img src="https://mintcdn.com/orb-9bba378a/2A5OiQ38Rzt8eVDS/images/overview.png?fit=max&auto=format&n=2A5OiQ38Rzt8eVDS&q=85&s=ff604b0f0027315a524ca6da65b63296" alt="Overview" width="2100" height="1220" data-path="images/overview.png" />

<Note>
  Multiple login methods may be enabled at one time. This can be useful for
  cases like system migrations, multiple auth systems, and more.
</Note>

### Inviting users

Account Admins can invite new users to join your Orb account by visiting the "Users" tab under "Settings."
In order to login to Orb, users are required to have been invited by an Account Admin.
If an invited user has not accepted their invite, Account Admins can resend the invitation email from that user's actions menu.

<img src="https://mintcdn.com/orb-9bba378a/TFjsittdTxe63RXZ/images/add-user.png?fit=max&auto=format&n=TFjsittdTxe63RXZ&q=85&s=434fc5a624d29a12625a350f1d29e55f" alt="Add user" width="2536" height="1170" data-path="images/add-user.png" />

#### User roles

Orb supports three user roles, "Admin", "Editor", and "Viewer":

| Role       | Description                                                                                                                                                                                   | Key restrictions                                                                                      |
| :--------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------- |
| **Admin**  | Full control, including managing user access and permissions, setting up integrations and exports, and viewing audit logs.                                                                    | None                                                                                                  |
| **Editor** | Create, update, and manage core billing objects (plans, subscriptions, metrics, etc.); access simulation and reporting tools; monitor and re-sync integrations (Admins retain setup control). | Set up account-wide settings, integrations, or exports; lock/unlock accounting periods; manage users. |
| **Viewer** | Read-only access to all core billing objects, simulation and reporting tools, and settings.                                                                                                   | Create, edit, or delete anything; manage users.                                                       |

### Changing allowed authentication methods

<Note>
  By default, your Orb account will start with password and Google-based login
  enabled.
</Note>

You can turn on and off all available login methods within the "Security" page.
This can be done by clicking the button or dropdown on the associated login method.

<img src="https://mintcdn.com/orb-9bba378a/81AJlpHJ0tfWnzrL/images/dropdown.png?fit=max&auto=format&n=81AJlpHJ0tfWnzrL&q=85&s=c8aab1fa9458ebcf7647eec3315ea1be" alt="Dropdown" width="2076" height="1204" data-path="images/dropdown.png" />

<Note>
  Set the login method to required if you want all users to login with that
  method. This option is available on the login method's dropdown.
</Note>

### Google and Microsoft login

You can use your existing Google or Microsoft account to login to Orb.

Login domains can be restricted to only allow login from those specified domains.
By default, specifying no domain allows for any domain to login.
Note that users will still need to have been invited ([see above](#inviting-users)) to login.

<img src="https://mintcdn.com/orb-9bba378a/w7VuLoqrCaLK7or4/images/restrict-domains.png?fit=max&auto=format&n=w7VuLoqrCaLK7or4&q=85&s=0d2803fec193e3be0405828ae06d201e" alt="Restrict domains" width="2082" height="1320" data-path="images/restrict-domains.png" />

### SAML SSO

<Note>
  Login via SAML SSO is not supported by default on all plans. Please contact
  your Orb representative if you have any questions.
</Note>

Orb supports logging in via SAML SSO.
Connections can be created, edited, and deleted all within the "Security" page by an account admin.

<img src="https://mintcdn.com/orb-9bba378a/2A5OiQ38Rzt8eVDS/images/overview-with-sso.png?fit=max&auto=format&n=2A5OiQ38Rzt8eVDS&q=85&s=390101d44e24699462b8be75460dcfc8" alt="Overview with SSO" width="2106" height="952" data-path="images/overview-with-sso.png" />

To create a connection, use the "+ Add SSO Connection" button.

<img src="https://mintcdn.com/orb-9bba378a/81AJlpHJ0tfWnzrL/images/create-sso-connection.png?fit=max&auto=format&n=81AJlpHJ0tfWnzrL&q=85&s=5b6fd945e1db7222b16203aa0042fa8e" alt="Create SSO connection" width="2032" height="810" data-path="images/create-sso-connection.png" />

This connection will be added to the existing connection list in a disabled state.
Hitting "Configure" will present you with the following screen to setup your connection.

<img src="https://mintcdn.com/orb-9bba378a/2A5OiQ38Rzt8eVDS/images/edit-sso-connection.png?fit=max&auto=format&n=2A5OiQ38Rzt8eVDS&q=85&s=e8f3ff55e3e8396fb2e74c17158447d1" alt="Edit SSO connection" width="1478" height="1434" data-path="images/edit-sso-connection.png" />

You can also use the "Edit" button on an existing SSO connection to edit its values.

SAML SSO connections requires a couple of values from the attribute mapping.
These values are:

1. Email
2. Name in either of the following forms:
   * Full name
   * First name and last name

### Login flow

You can login to your Orb app by visiting our [login page](https://app.withorb.com).
The flow to login is only a few, simple steps that ensures the security of the Orb product.

You'll first be prompted to enter your email before continuing.
Orb uses your email to determine which organizations to select for login.

<img src="https://mintcdn.com/orb-9bba378a/2A5OiQ38Rzt8eVDS/images/email-entry.png?fit=max&auto=format&n=2A5OiQ38Rzt8eVDS&q=85&s=0ac87d4a964951f07e5041bb96a691c0" alt="Email entry" width="914" height="860" data-path="images/email-entry.png" />

If there are multiple Orb organizations associated with your email, you'll have to select the relevant organization you wish to login to.
If there is only one organization associated with your email, you will not see this page.

<Note>
  Multiple Orb organizations are not included with all Orb billing plans by
  default. Please reach out to your Orb representative if you have any
  questions.
</Note>

<img src="https://mintcdn.com/orb-9bba378a/2A5OiQ38Rzt8eVDS/images/organization-select.png?fit=max&auto=format&n=2A5OiQ38Rzt8eVDS&q=85&s=438a1b14c1ae4cbb1a9fb67d5913a094" alt="Organization select" width="942" height="948" data-path="images/organization-select.png" />

Afterwards, you'll be prompted to login with your login method of choice.

If your organization has been configured with only one login method and that method is SAML SSO or OAuth, you'll be directly routed to the applicable login page.

<img src="https://mintcdn.com/orb-9bba378a/2A5OiQ38Rzt8eVDS/images/login-screen.png?fit=max&auto=format&n=2A5OiQ38Rzt8eVDS&q=85&s=0954e9b3418eed10f252a01b841a16f8" alt="Login screen" width="886" height="1252" data-path="images/login-screen.png" />

## Switching organizations

As mentioned above, some customers may have access to multiple organizations.
When this is the case, Orb's portal allows for easy switching between organizations by accessing the information menu in the bottom left of the Orb UI.

<img src="https://mintcdn.com/orb-9bba378a/2A5OiQ38Rzt8eVDS/images/organization-switcher.png?fit=max&auto=format&n=2A5OiQ38Rzt8eVDS&q=85&s=68e9e930fb3303e805c078fd19c262ca" alt="Organization switcher" width="958" height="532" data-path="images/organization-switcher.png" />