Login Methods and Authentication

Learn about the different ways to sign in to Bigmind and manage your authentication settings.

Bigmind offers multiple authentication methods to provide secure and convenient access to your account. Choose the login method that best fits your organization's security requirements and user preferences.

Available Login Methods

Bigmind supports several authentication options:

Email and Password

  • Traditional Authentication: Standard email and password combination
  • Password Requirements: Strong password policies with complexity requirements
  • Password Reset: Self-service password reset via email
  • Account Recovery: Multiple recovery options for account access

Single Sign-On (SSO)

  • Google Workspace: Sign in with your Google/Gmail account
  • Microsoft Azure AD: Integrate with Office 365 and Azure Active Directory
  • SAML 2.0: Support for enterprise SAML identity providers
  • OIDC: OpenID Connect for modern authentication flows

Multi-Factor Authentication (MFA)

  • SMS Verification: Receive verification codes via text message
  • Authenticator Apps: Use Google Authenticator, Authy, or similar apps
  • Email Verification: Backup verification via email
  • Hardware Tokens: Support for FIDO2/WebAuthn security keys

Setting Up Login Methods

Email and Password Setup

  1. Visit the Bigmind sign-up page
  2. Enter your email address and create a strong password
  3. Verify your email address through the confirmation link
  4. Complete your profile setup
  5. Access your organization or create a new one

Google SSO Configuration

  1. Click "Sign in with Google" on the login page
  2. Authorize Bigmind to access your Google account
  3. Complete any additional profile information
  4. Your account is linked to your Google credentials

Microsoft SSO Integration

  1. Select "Sign in with Microsoft"
  2. Authenticate with your Microsoft/Office 365 account
  3. Grant necessary permissions for calendar and contact access
  4. Complete the organization setup if you're the first user

Multi-Factor Authentication Setup

Enabling MFA

  1. Go to Settings > Profile > Security
  2. Click "Enable Two-Factor Authentication"
  3. Choose your preferred MFA method
  4. Follow the setup instructions for your chosen method
  5. Save your backup codes in a secure location

Authenticator App Setup

  1. Download Google Authenticator, Authy, or similar app
  2. Scan the QR code displayed in Bigmind
  3. Enter the 6-digit code from your authenticator app
  4. Confirm the setup and save backup codes

Hardware Security Key Setup

  1. Ensure you have a FIDO2/WebAuthn compatible security key
  2. Select "Hardware Security Key" in MFA settings
  3. Insert your security key when prompted
  4. Touch the security key to complete registration
  5. Test the key by signing out and signing back in

Enterprise SSO Configuration

SAML Integration

For enterprise customers with existing identity providers:

  • Identity Provider Setup: Configure Bigmind as a service provider in your IdP
  • Metadata Exchange: Import IdP metadata and export SP metadata
  • Attribute Mapping: Map user attributes (name, email, groups)
  • Testing: Validate the integration with test users
  • User Provisioning: Set up automatic user creation and deactivation

SCIM Provisioning

  • Automatic User Management: Sync users from your directory
  • Group Synchronization: Map directory groups to Bigmind roles
  • Lifecycle Management: Automatic user creation, updates, and deactivation
  • Audit Logging: Track all provisioning activities

Session Management

Session Duration

  • Default Session: 30 days for regular logins
  • Remember Me: Extended sessions up to 90 days
  • Automatic Timeout: Sessions expire after extended inactivity
  • Concurrent Sessions: Multiple device login support

Session Security

  • Device Tracking: Monitor active sessions across devices
  • Location Verification: Alert on logins from new locations
  • IP Restrictions: Optionally restrict access by IP address
  • Force Logout: Administrators can terminate user sessions

Password Management

Password Requirements

  • Minimum Length: At least 8 characters (12+ recommended)
  • Complexity: Mix of uppercase, lowercase, numbers, and symbols
  • Common Password Protection: Prevention of commonly used passwords
  • Password History: Cannot reuse last 5 passwords

Password Reset Process

  1. Click "Forgot Password" on the login page
  2. Enter your email address
  3. Check your email for the reset link
  4. Follow the link and create a new password
  5. Sign in with your new password

Password Security Best Practices

  • Use Unique Passwords: Don't reuse passwords across services
  • Password Managers: Use tools like 1Password, LastPass, or Bitwarden
  • Regular Updates: Change passwords periodically
  • Avoid Common Patterns: Don't use predictable character substitutions

Organization-Level Authentication

Authentication Policies

Organization administrators can configure:

  • Required MFA: Mandate two-factor authentication for all users
  • SSO Enforcement: Require SSO login for organization members
  • Password Policies: Set custom password requirements
  • Session Policies: Configure session duration and timeout settings

User Provisioning

  • Automatic Enrollment: New users automatically join designated organizations
  • Role Assignment: Default roles based on directory group membership
  • Email Domain Verification: Automatic organization assignment by email domain
  • Invitation System: Controlled user invitation and onboarding

Login Troubleshooting

Common Login Issues

Cannot Sign In

  • Check Credentials: Verify email address and password are correct
  • Account Status: Ensure account hasn't been suspended or deactivated
  • Browser Issues: Clear cookies and cache, try incognito mode
  • Network Problems: Check internet connection and firewall settings

MFA Problems

  • Authenticator Sync: Ensure device time is synchronized
  • Backup Codes: Use backup codes if primary MFA method fails
  • Lost Device: Contact administrator to reset MFA settings
  • Code Not Working: Wait for next code or check app configuration

SSO Issues

  • Identity Provider Problems: Check IdP status and configuration
  • Permission Errors: Verify user has necessary permissions in directory
  • Attribute Mapping: Ensure required attributes are being sent
  • Certificate Errors: Check SAML certificate validity

Security Best Practices

Account Security

  • Enable MFA: Always use two-factor authentication
  • Monitor Sessions: Regularly review active sessions and devices
  • Strong Passwords: Use unique, complex passwords
  • Regular Audits: Review login activity and suspicious access

Organization Security

  • SSO Implementation: Use enterprise SSO for centralized control
  • User Lifecycle: Implement proper onboarding and offboarding
  • Access Reviews: Regularly review user access and permissions
  • Security Training: Educate users on authentication best practices

Compliance and Auditing

Authentication Logs

  • Login Events: Complete log of all authentication attempts
  • Failed Attempts: Track and alert on suspicious login activity
  • Session Activity: Monitor user sessions and device changes
  • Administrative Actions: Log all authentication policy changes

Compliance Features

  • SOC 2 Compliance: Regular security audits and certifications
  • GDPR Compliance: Data protection and privacy controls
  • ISO 27001: Information security management standards
  • Audit Trails: Comprehensive logging for compliance reporting

Getting Help

Support Resources

  • Self-Service: Password reset and basic troubleshooting options
  • Help Documentation: Comprehensive guides for setup and troubleshooting
  • Support Team: Contact support for authentication issues
  • Administrator Tools: Organization admins can assist with user access

Emergency Access

  • Backup Codes: Use saved backup codes for MFA bypass
  • Alternative Methods: Try different authentication methods if available
  • Administrator Recovery: Organization admins can reset user authentication
  • Support Contact: Reach out to Bigmind support for account recovery
Updated 4/16/2025