Ari Gold, Product Manager Reading estimate: 2 minutes
Let’s Talk Authentication: Social Login Released
Today we’re pleased to announce the release of social login, allowing you to authenticate to Pantheon with your Google identity. Social login is part of a larger drive to let you connect other online services you rely on to Pantheon, and comes on the tail of the release of Cloud Integration Tools. It also adds another option for you to interact with Pantheon without a password, which translates into stronger security and a better user experience.
If you're using Google for email, you’re likely already leveraging Google's 2-step Verification to add another layer of security to your account. Your email account is the key to many kingdoms—if an attacker has access to your email account, it puts them a step closer to gaining access to other accounts using that email address. So you’ll want to make it as secure as possible. Do the login dance there, and then logging into Pantheon is as easy as the click of a button!
No Pantheon Password Required?
If you aren’t already using SSH Keys or Machine Tokens, now’s the time to get them set up too! They are good best practices for authentication, and offer more security than a simple password. So if you care about security, it’s not quite as easy as a “Connect with Google” button, but if you’re using Git, SFTP or Terminus, then it’s worth the time to get them set up.
As an alternative to social login, if your organization manages authentication centrally, we offer integration via SAML. When you set up Single Sign-On for the Pantheon Dashboard, users authenticate against your Identity Provider (IdP). This is a great solution, and actually what Pantheon employees use to log in to the dashboard. You can get started for free with open source tools or services like Okta or OneLogin.
Social login and IdPs both also allow you to set up two-factor authentication (2FA) for the Pantheon dashboard, so in addition to the username and password you have to enter a one time password (OTP) from a SMS, or a device like a Yubikey.
We don’t yet offer “native” two-factor authentication to Pantheon directly. We made the decision to prioritize integration (with SAML and social login) because we know that many of you are already using these services, and that allowing you to centralize authentication along with the 2FA methods you’re already using is higher value than prodding you to manage yet another OTP token tool.
If you’re a developer looking to log in, it’s just as secure—and much easier—to leverage your existing 2FA auth, e.g. via Google or your company’s SAML gateway. If you’re an administrator looking to manage a team, you want to know that adding or removing employees from a central directory will also grant or block access to Pantheon.
That said, as long as we’re on the topic, did you know you can also set up Two Factor auth for Drupal or WordPress? Your customers will thank you. Check out our guide to Secure Your Site with Two-Factor Authentication.
Next on the authentication frontier? We’re open to adding other social login providers, so let us know if you’d find other authentication providers useful. Stay tuned to the blog for more product news, and be the first to hear about new developments by joining our Power Users list.
Discover More
Turning Your Feedback into Pantheon’s Next Big Moves
Jenna Harmon
Reading estimate: 2 minutes
Introducing Monthly Maintenance Windows For Pantheon’s Dashboard and Workflows
Kshitij Dayal (KD)
Reading estimate: 2 minutes
Confessions from a Serial Certifications Collector: Why Become WebOps Certified
Gregg Marshall
Reading estimate: 3 minutes