Here at Labstep, we take security very seriously; this is why we offer our users different ways to authenticate in addition to a standard username and password. If you have other security needs that would require another authentication method not listed here, please get in touch with us.

Labstep Password

Having a Labstep Password is the basic way to log in to Labstep using your username (email address) and password.

To learn how to reset or change your password, please click here

Labstep Password + 2FA

Labstep also offers a premium feature called 2FA (two-factor authentication) for added security. This feature requires you to enter a unique code in addition to your username and password when logging in to your account.

How to Set Up Labstep 2FA

To set up Labstep 2FA, you can go to your account settings and enable the feature. Please note that this feature is only available for premium users. For more information, please click here.

Google Authentication

You can also choose to authenticate via Google instead of using a Labstep password. If you want to use 2FA with this method it must be handled by Google so can be set up in you Google Account settings (see here).

How to Set Up Google Authentication for Labstep

To set up Google Authentication for Labstep, sign up using your Google account. Each time you sign in to Labstep, you'll have to use Google. If at any point you wish to unlink your account from Google, please get in touch with our support team.

Custom SSO (SAML)

You can also choose to authenticate with your own identity provider instead of using a Labstep Password. If you want to use 2FA with this method it must be configured by your service provider and not Labstep.

How to Set Up Custom SSO (SAML) for Labstep

You need to be an admin of your organisation to set up SSO. If SSO is not enabled, please contact us to discuss upgrading your package.

To get started, switch on the SSO toggle switch in your organisation’s admin settings.
After switching the toggle, you will see the ‘Setup Details’ link.
Select Setup Details. A modal will open with the Labstep endpoints to add to your identity provider and with fields in which to enter the parameters from your identity provider. Enter the details of your identity provider here in Labstep, and enter the Labstep endpoints into the relevant settings in your identity provider.
At the end of the setup modal there are two options for switching on SSO - ‘Enable SSO for selected users’ and ‘Enforce for all users’.

Enable SSO for selected users - We recommend using this option to test your SSO configuration before enabling it for the whole organisation. New and existing users (who are not selected) will continue to log in via their email and password at the Labstep login page.

Enforce for all users - We recommend switching this on once you have tested your SSO configuration with the above option. Once this is enabled, the following changes will take effect:
1. Existing users in your Labstep organisation will now be directed to your SSO portal when they enter their email address at the Labstep login page. They will no longer log in with their password.
2. Once new users have been added to the Labstep group in your identity provider, they no longer need to be invited to your Labstep organisation by an admin or set up a password. Instead, these users can go directly to the Labstep login page. Once they enter their email address, they will be directed to your SSO portal to log in.

SSO FAQs

Can our organisation use more than one email domain for our SSO?

At present, we only support SSO for a single email domain. If your organisation uses more than one email domain, please contact us before setting up the SSO.
Can I use multifactor authentication (MFA) with SSO?

Once SSO is enabled, authorisation is carried out through the identity provider, and so multifactor authorisation will need to be configured on your identity provider.

Using Labstep 2FA for Signing Experiments

You can set up 2FA specifically for signing experiments. Setting up 2FA for signing experiments means that users will be required to enter a code from a verified device when signing experiments. This is an extra compliance measure that can help ensure the integrity of your data.