Skip to main content
This page describes what signing in looks like from your people’s side. Whether someone signs in directly with Iru or through a provider you already run, they end up in the same place: an app dashboard of the applications they are allowed to use.

How people sign in

By default, Iru Identity is your identity provider: your people sign in to Iru directly, and Iru signs them in to their apps. You can also let them sign in through a provider you already run, in specific situations. Both paths lead to the same app dashboard.

Directly with Iru (default)

The person proves who they are to Iru itself, typically with a passkey - a quick fingerprint, face, or screen-lock gesture - or the Iru Access app. No password required. This is how most people sign in.

Through a provider you already run

The person signs in with an existing provider, such as Google Workspace or Microsoft Entra ID, and Iru continues once the provider confirms them. This federated sign-in is for when you use Iru as an authentication layer into the Iru platform, or to ease a migration onto Iru Identity.
The person always proves who they are with their authenticator - a passkey or Iru Access. Iru then evaluates the relevant authentication policy before granting access. A policy can require a trusted device, so the exact prompts a person sees can depend on the app they are reaching and the rules you have set.
Federated sign-in is configured through an identity provider connection. To set one up, see Federated Authentication.

The app dashboard

Once signed in, each person lands on their own app dashboard. It greets them by name and shows the applications your organization has assigned to them.

Your Applications

Every application the person has access to appears as a tile. Selecting a tile signs them straight in to that app - no separate password for the app itself.

Favorites

People can star the apps they use most so they surface at the top of their app dashboard for quick access.
The app dashboard only ever shows the apps a person is actually assigned, so what each person sees reflects the access you have granted them. To control who sees which apps, see Assigning access.
Selecting an app tile starts a single sign-on into that app. If an app’s policy requires something the person has not satisfied yet - such as enrolling a passkey - they are prompted at that point.

Where to go next

End-user experience

A fuller tour of what your people see and manage in Iru, including their authenticators.

Federated Authentication

Let people sign in through Google Workspace, Microsoft Entra ID, or another provider you already run.

Authenticators

The passkeys and credentials people use to prove who they are.

Authentication policies

What Iru checks between sign-in and access.