Skip to main content

Authentication

Point supports multiple authentication methods to fit your organisation's security requirements.

Authentication Methods

Username and Password

The default authentication method. Users log in with their email address and password.

Password requirements:

  • Minimum 12 characters
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one number
  • At least one special character

Multi-Factor Authentication (MFA)

MFA adds a second verification step after password entry. Point supports:

  • Authenticator App — Microsoft Authenticator, Google Authenticator, or any TOTP-compatible app
  • SMS — one-time code sent to a registered mobile number
  • Email — one-time code sent to the user's email address

MFA can be configured as:

  • Optional — users can choose to enable it
  • Required for all users — enforced for everyone
  • Required for specific roles — e.g., required for Administrators only

Azure Active Directory (SSO)

Point integrates with Azure AD for Single Sign-On. With SSO:

  • Users log in with their existing corporate credentials
  • No separate Point password required
  • MFA is handled by Azure AD
  • User provisioning can be automated via SCIM

Configuring Azure AD SSO

  1. In Azure AD, register a new Enterprise Application for Point
  2. Configure the following settings:
SettingValue
Sign-on URLhttps://[your-org].pointgroup.io/auth/sso
Identifier (Entity ID)https://[your-org].pointgroup.io
Reply URLhttps://[your-org].pointgroup.io/auth/callback
  1. Download the Federation Metadata XML from Azure AD
  2. Send the XML to support@pointgroup.io to complete the configuration

User Provisioning with SCIM

Point supports SCIM 2.0 for automated user provisioning from Azure AD:

  1. In Azure AD, configure the Point Enterprise Application for provisioning
  2. Set the Tenant URL to: https://[your-org].pointgroup.io/scim/v2
  3. Generate a Secret Token in Point's System Settings → Security → SCIM
  4. Enter the token in Azure AD
  5. Configure attribute mappings (Point's support team can provide the mapping template)

Session Management

SettingDefaultConfigurable
Session Timeout8 hours✅ Yes (1–24 hours)
Remember Me30 days✅ Yes
Concurrent SessionsUnlimited✅ Yes
Force Re-authenticationNever✅ Yes

IP Allowlisting

Restrict access to Point to specific IP addresses or ranges:

  1. Go to System Settings → Security → IP Allowlist
  2. Click + Add IP Range
  3. Enter the IP address or CIDR range (e.g., 192.168.1.0/24)
  4. Add a description (e.g., "Office network")
  5. Click Save
Test Before Enabling

Before enabling IP allowlisting, ensure your current IP address is in the allowlist. Enabling it without including your IP will lock you out.

API Authentication

For API access, Point uses OAuth 2.0 with client credentials. See API Reference for details.

Last updated on by Saeed