Authentication
Authentication
Karolina supports multiple authentication methods to fit your organization’s security requirements.
Standard Login
The default login method using email and password.
Signing In
- Navigate to app.karolina.ai
- Enter your email address
- Enter your password
- Click Sign In
Password Requirements
- Minimum 8 characters
- At least one uppercase letter
- At least one number
- At least one special character
Resetting Your Password
If you forgot your password:
- Click Forgot Password on the login page
- Enter your email address
- Check your inbox for a reset link
- Follow the link to set a new password
Reset links expire after 24 hours.
Single Sign-On (SSO)
SSO allows you to authenticate using your organization’s identity provider.
Supported Providers
| Provider | Protocol |
|---|---|
| Okta | SAML 2.0, OIDC |
| Azure AD | SAML 2.0, OIDC |
| Google Workspace | OIDC |
| OneLogin | SAML 2.0 |
| Generic SAML 2.0 | SAML 2.0 |
Setting Up SSO
Only organization admins can configure SSO.
- Go to Settings → Security
- Click Configure SSO
- Select your identity provider
- Enter the required configuration details:
- Entity ID:
https://karolina.ai/saml/{organization-id} - SSO URL: From your identity provider
- Certificate: X.509 certificate from your IdP
- Entity ID:
- Click Save Configuration
- Test the connection
- Enable SSO for your organization
SSO Login
Once SSO is configured:
- Go to app.karolina.ai
- Click Sign in with SSO
- Enter your organization email
- You’ll be redirected to your identity provider
- Authenticate with your IdP credentials
- You’ll be automatically logged into Karolina
SAML 2.0 Configuration
For organizations with custom SAML implementations:
Required SAML Attributes
| Attribute | Required | Description |
|---|---|---|
email |
Yes | User’s email address |
firstName |
Yes | User’s first name |
lastName |
Yes | User’s last name |
groups |
No | Group memberships for RBAC |
Service Provider Details
Entity ID: https://karolina.ai/saml/metadata.xml
ACS URL: https://karolina.ai/api/auth/saml/callback
SLO URL: https://karolina.ai/api/auth/saml/slo
Multi-Factor Authentication (MFA)
MFA adds an extra layer of security to your account.
Enabling MFA
- Go to Settings → Profile → Security
- Click Enable MFA
- Scan the QR code with your authenticator app
- Enter the verification code
- Save your backup codes in a secure location
Supported Authenticator Apps
- Google Authenticator
- Authy
- 1Password
- Microsoft Authenticator
- Any TOTP-compatible app
Session Management
Session Duration
- Default session: 7 days
- SSO sessions: Synchronized with IdP
- Concurrent sessions: Up to 3 devices
Signing Out
Click your avatar → Sign Out to end your current session.
Troubleshooting
| Issue | Solution |
|---|---|
| Can’t receive password reset email | Check spam folder, verify email address |
| SSO not redirecting properly | Clear browser cookies, check IdP settings |
| MFA codes not working | Check device time sync, use backup codes |
| Locked out of account | Contact admin or [email protected] |
Next Steps
Once authenticated, proceed to onboarding to set up your workspace.