# Authentication and Access Control

## Sign in to Telmai

### General Login Steps

1. Go to the Login Page: Navigate to the Telmai login page.
2. Enter Credentials: Use your registered email address and password.
3. Click "Sign In": Click the sign-in button to access your Telmai account.

### Single Sign-On (SSO) Login Steps

Many organizations use SSO for a more secure and streamlined login experience. If your company uses an identity provider (IdP) like Okta, you'll use this method to log in.

1. Go to the Login Page: Navigate to the Telmai login page.
2. Enter Credentials: Use your registered email address. 
3. If SSO is configured for your account, you will be navigated to the IDP option. If multiple SSOs are configured, you will need to select the desired one.
4. You will be redirected to your organization's identity provider login page.
5. Enter your Company Credentials: Use your standard company username and password to authenticate.
6. Redirect to Telmai: After successful authentication with your IdP, you'll be redirected back to the Telmai Account.

Please click [here](https://docs.telm.ai/telmai/authentication-and-access-control/sso-configuration) to learn more about setting up your SSO configuration.

### Sign in Issues

Potential issues you may face when signing in:

* Account locked out
* User not added to SSO group
* User not added to Telmai account

## Managing Users <a href="#managing-users" id="managing-users"></a>

Telmai allows to create, edit, and delete users via the Manage users UI menu:

<p align="center"> <img src="https://604868671-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MkO3-a8YVu1iq1jP__S%2Fuploads%2FUM4Cq31gxTgzeKlhTTdn%2Fimage.png?alt=media&#x26;token=e15d139e-9530-4101-b8be-a238b5abadac" alt=""></p>

<figure><img src="https://604868671-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MkO3-a8YVu1iq1jP__S%2Fuploads%2FPJlGnQNj5bnUb45OQw9y%2Fimage.png?alt=media&#x26;token=6ab0c184-aa77-4c1d-a745-4fca8c39f2fe" alt="" width="563"><figcaption></figcaption></figure>

### Role-based Access <a href="#role-based-access" id="role-based-access"></a>

Telmai supports project-scoped permissions. Tenant admins are able to modify these permissions accordingly:

| **Role**     | **Add/Modify Users** | **Add, Edit or Delete Source** | <p><strong>Scan source/</strong><br><strong>Schedule Scans</strong></p> | **View scan results** |
| ------------ | -------------------- | ------------------------------ | ----------------------------------------------------------------------- | --------------------- |
| Tenant Admin | x                    | x                              | x                                                                       | x                     |
| Editor       |                      | x                              | x                                                                       | x                     |
| Operator     |                      |                                | x                                                                       | x                     |
| Viewer       |                      |                                |                                                                         | x                     |

To modify user roles,

1. Click “**Manage Tenant Users**” under the user menu
2. Click on the user you would like to modify permissions for
3. “**Project Permissions**” table with different roles
4. Select appropriate roles
5. Click Save