Configure Preferences
This guide walks users through the process of recovering their ALTR Username or Organization ID.
ALTR employs tenant-based authentication, where users must submit their tenant (Organization) and username along with relevant authentication factors (password, etc.). ALTR identifies different tenants through the use of an Organization ID, which must be provided when signing into ALTR. This is done by entering an Organization ID on ALTR's login page.
Tip
After entering an organization ID, users are directed to a login URL specific to their organization. You can favorite this URL to skip entering an Organization ID during future logins.
After specifying an organization, users must enter a username, password, and 2-factor authentication code to log in. A username is a case-sensitive unique identifier for an ALTR user that is specified when the user's account is created.
If an ALTR user forgets their Organization ID or Username, they can recover this information through an Organization ID and Username recovery email. There are two different ways to trigger this email:
Click the button.
Enter the email address associated with your ALTR account.
Click the button.
Click the button.
Enter the email address associated with your ALTR account.
Click the button.
If the email address is associated with at least one ALTR account, this flow will trigger an email including a list of all Organization IDs and Usernames associated with that email address. The Organization IDs in this email include links to the relevant organization-specific login page to make it easier to log into ALTR.
Caution
Didn't get an email? Make sure that you entered your email address correctly. Additionally, make sure you are using the URL for the correct ALTR environment. For instance, you cannot recover the username for an ALTR altrnet.live organization from a different environment's URL.
Users who need to reset or wish to update their ALTR password can do so in a variety of ways.
This guide walks users through changing their ALTR password from ALTR's Settings page.
ALTR users can update their passwords from the User Preferences page, → → . Follow the below steps to change your ALTR password.
Enter your existing ALTR password.
Enter your new ALTR password. This password must meet ALTR's password requirements.
Confirm your new ALTR password.
Click the button.
ALTR Password Requirements
When creating new passwords, the following requirements must be met:
The password must be different than previously-used passwords.
The password must be between 8 and 64 characters.
The password must include at least one capital letter.
The password must include at least one number.
The password must include at least one symbol.
This guide walks users through resetting their ALTR password from ALTR's login page. If Single Sign-On is enabled for your organization, you are not able to reset your password.
If a user has forgotten their ALTR password, they can reset it through a password reset email. To trigger a password reset email:
Navigate to your organization's ALTR login page
Click the button.
Enter your ALTR username.
Caution
ALTR usernames are case sensitive. If you have forgotten your ALTR username, follow our guide for recovering your username and organization ID.
Click the button.
If the username is valid, an email will be sent to that user's email address with a link to reset their password.
Caution
If you did not receive an email, you may have mistyped your username or may be attempting to log into the wrong ALTR organization. See ALTR's guide for recovering a Username and Organization ID.
Follow the below steps to reset your ALTR password:
Click the link provided in the password reset email
Enter a new ALTR password. This must meet ALTR's password requirements.
Confirm the new ALTR password.
Click the button.
Once completed, your password will be updated and you can log into your ALTR account with the new password.
Two-factor Authentication (2FA) is a security method that applies an additional layer of security when authenticating into a software system. Instead of relying solely on a password for authentication, 2FA introduces an additional factor, typically taking the form of a code or biometric information, that must also be provided for authentication. 2FA makes authentication systems more resilient by making it more difficult for malicious users to impersonate valid users, especially if users use a weak or compromised password.
Two-Factor Authentication in ALTR
ALTR administrators are not required to provide a 2FA token when authenticating through Single Sign-on (SSO). When SSO is enabled for an organization, ALTR defers all authentication methods to the configured identity provider (IdP).
Select 2FA Methods for Your Organization
ALTR Super Administrators control which 2FA methods are available for users within an organization. If a 2FA method is disabled for an organization, any users currently using that method will be prompted to update their 2FA during their next login.
To select the 2FA methods available for your organization:
Select → in the Navigation menu.
Click the Organization tab.
Under Allowed Two-Factor Authentication Settings, select the 2FA methods you want available for your organization.
Click Save.
Set the 2FA Method for Your Account
Individual ALTR users are prompted to configure their 2FA when first creating their ALTR account. If the 2FA method is updated, users are prompted to confirm receipt of a 2FA code before the method can be updated.
To set the 2FA method for your account:
Select → in the Navigation menu.
Under Update Two-Factor Authentication Settings, select a 2FA method.
Click Save.
Organizations are tenants in ALTR's SaaS platform. To ensure segregation of customer information, each ALTR tenant is logically separated into units called organizations.
Organizations have a unique identifier used when logging into ALTR. A single customer may choose to leverage multiple separate ALTR organizations to logically organize their use of ALTR across different platforms and accounts.
To view/update information about your organization:
Select → in the Navigation menu.
Click the Organization tab. There are several settings:
This section has information regarding your organization:
ALTR Organization ID—A unique identifier for your organization. This ID is also used in the subdomain used to access the ALTR UI.
Organization Name—A non-unique cosmetic identifier for your organization.
If your organization was created from Snowflake Partner Connect, these settings are used to update that configuration.
Host Name—Host name of your Snowflake instance.
Service User Name—Name of the Snowflake service user associated with the ALTR organization.
ALTR's authentication system requires users to enter a 2FA code in addition to a username and password. Learn more about 2FA in ALTR.
ALTR supports the following 2FA methods:
Authenticator App—Connect to a third-party authentication application, such as Google Authenticator or Authy, to automatically generate temporary one-time passwords (TOTP) for 2FA.
SMS—Send a text message (SMS) with a one-time 2FA code to the phone number associated with the account.
Warning
SMS-based 2FA is generally considered insecure relative to other 2FA methods. ALTR recommends only using SMS-based 2FA when absolutely necessary.
E-Mail—Send an email with a one-time 2FA code to the email address associated with the account.
The list of registered domains limits the email address domains that can be used when inviting ALTR administrators. To update this list, contact ALTR Support.
ALTR enables clients to export audit log data to an AWS S3 bucket which can then be ingested into logging tools or used to trigger notifications in external systems. Learn more about setting up S3 integration.
Single Sign-On
Single sign-on enables users to authenticate into multiple applications with a single login. In corporate environments, this is typically done through an Identity Provider (IdP). Users authenticate through their IdP with a username, a password and a two-factor authentication method, which then grants them access to provisioned software applications known as service providers (SPs).
With SSO enabled, users only need to remember one set of credentials, making it easy to access all of their provisioned software applications. Additionally, SSO enables IT administrators to control access to software by user and by application.
System for Cross-domain Identity Management
System for cross-domain identity management enables IT administrators to easily create, modify and remove identities from third-party software applications using their IdP. This makes it easy to manage user accounts, as the IT administrator does not need to log into or understand the third-party system in order to manage identities in that system.
Differences Between SSO and SCIM
SSO strictly handles authentication to a service provider through an IdP. If only SSO is configured for a software application, identities still have to be created in that application before a user can access it. Once the identity is created and the corresponding user is provisioned access to the application in the IdP, that user is able to authenticate (log in) to that application using their IdP. When a user is deprovisioned from an application through their IdP, their identity will still exist in that application, but they will no longer be able to log in.
SCIM handles the creation, modification and removal of identities in a service provider. If only SCIM is configured for a software application, identities are automatically created, modified and removed for users of an application as they are provisioned access to the application in their IdP; however, users must still manually authenticate with a separate set of credentials.
Configure SSO for ALTR
ALTR super administrators for Enterprise ALTR organizations are able to configure SSO. When configured, SSO enables ALTR administrators to sign into ALTR through their IdP instead of using an ALTR username, password and two-factor authentication code. Once configured, users must sign in using SSO; username and password authentication is disabled.
When authenticating users via SSO, ALTR identifies users based on their username in ALTR and equivalent identifier in their IdP. This lookup is case sensitive. Before configuring SSO, ensure usernames in ALTR exactly match the usernames in their identity provider. If these usernames do not match, the administrator will not be able to sign into ALTR once SSO is enabled.
If SSO is enabled, but not SCIM, ALTR administrators must still be manually created before a user can access ALTR.
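A pre-flight check for the case-sensitive username match described above, which also lists the SSO-only gaps noted under Differences Between SSO and SCIM. This is an added example, not ALTR's own code: the function name and the two username lists are constructed, and it assumes you have already obtained both lists yourself.

```python
import unicodedata

def _fold(name):
    # Loose comparison key: Unicode-normalised, trimmed, case-folded.
    return unicodedata.normalize("NFKC", name).strip().casefold()

def sso_preflight(altr_usernames, idp_usernames):
    """Classify ALTR usernames against IdP identifiers before enabling SSO."""
    idp_exact = set(idp_usernames)
    idp_folded = {}
    for ident in idp_usernames:
        idp_folded.setdefault(_fold(ident), []).append(ident)

    report = {"ok": [], "near_miss": {}, "no_idp_identity": [], "idp_only": []}
    for name in altr_usernames:
        if name in idp_exact:
            # Byte-for-byte match: the case-sensitive lookup will succeed.
            report["ok"].append(name)
        elif _fold(name) in idp_folded:
            # Differs only by case, whitespace or Unicode form: this
            # administrator would be locked out once SSO is enabled.
            report["near_miss"][name] = idp_folded[_fold(name)]
        else:
            # ALTR identity with no IdP counterpart (for example, a user
            # deprovisioned in the IdP whose ALTR identity still exists).
            report["no_idp_identity"].append(name)

    altr_folded = {_fold(name) for name in altr_usernames}
    # Without SCIM, these users still need an ALTR administrator created by hand.
    report["idp_only"] = sorted(
        ident for ident in idp_usernames if _fold(ident) not in altr_folded
    )
    return report

# Constructed sample data (not real accounts).
ALTR_USERS = ["jdoe", "ASmith", "bkhan ", "old.admin"]
IDP_USERS = ["jdoe", "asmith", "bkhan", "new.hire"]

if __name__ == "__main__":
    for category, entries in sso_preflight(ALTR_USERS, IDP_USERS).items():
        print(f"{category}: {entries}")
```

Resolve every `near_miss` entry before SSO is enabled, since username and password authentication is disabled afterwards.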
ALTR supports SSO with the SAML 2.0 protocol for the following IdPs:
Okta
Microsoft Entra ID
For help configuring SSO with other IdPs, contact ALTR Support.
To configure SSO for ALTR:
Integrate either Okta or Microsoft Entra ID with ALTR for SSO.
Log into ALTR as a super administrator.
Select → in the Navigation menu.
Click the SSO/SCIM tab.
Enter the Provider URL given by the IdP.
Select the IdP: Microsoft Entra ID or Okta.
Click the Enable SSO button.
Log into ALTR through your IdP.
Disable SSO
If SSO is disabled, administrators must reset their ALTR password before signing into ALTR. They will be prompted to re-configure their two-factor authentication settings.
To disable SSO for an organization, contact ALTR Support.
Configure SCIM in ALTR
ALTR super administrators for Enterprise ALTR organizations are able to configure SCIM. When configured, ALTR defers all activity for creating, modifying and removing administrators to ALTR's SCIM API, which is used by the configured IdP. Creating, modifying, and removing administrators through ALTR's UI and API is disabled when SCIM is enabled.
ALTR supports SCIM using the SCIM 2 protocol with Okta. For help configuring SCIM for other IdPs, contact ALTR Support.
To configure SCIM in ALTR:
Set up and configure SSO with ALTR.
Integrate Okta with ALTR for SCIM.
Disable SCIM
If SCIM is disabled, ALTR retains all administrator information from the time that SCIM was disabled. If SCIM is disabled, creating, editing, and deactivating admins through ALTR's UI and Management API is reenabled.
To disable SCIM for an organization, contact ALTR Support.