Identity-based Account Access

How identify-based access works on Osmosis

Caleb Furnas avatar
Written by Caleb Furnas
Updated over a week ago

# Identity-based access for Osmosis

## Overview

When you purchase Osmosis for your school, you need to use identity-based access to grant access to your students and faculty. This article explains what identity-based access is and how to set it up for your school.

## Identity-based access

Identity-based access means that users are granted access to Osmosis based on their identity and attributes. Users must sign in with their email and password or use a single sign-on (SSO) provider such as Google, Facebook, or Azure AD to access Osmosis. Identity-based access is the only method supported by Osmosis because it offers the following benefits:

- **Security**: Users must prove their identity before accessing Osmosis, which prevents unauthorized access and protects your data. You can also use Osmosis's conditional access policies to enforce additional security measures such as multifactor authentication, device compliance, or location restrictions.

- **Flexibility**: Users can access Osmosis from any device and any location, as long as they have an internet connection and a valid account. This allows users to learn at their own pace and convenience, without being limited by network boundaries.

- **Scalability**: Users can easily create and manage their own accounts on Osmosis, without requiring any intervention from your IT staff. You can also use Osmosis's bulk import feature to add or update multiple users at once. Identity-based access can support thousands of users without affecting performance or reliability.

To use identity-based access, you need to configure your Osmosis account settings and provide a list of authorized email domains or SSO providers for your school.

## FAQ

**Q: Why does Osmosis not support network-based access?**

A: Network-based access means that users are granted access to Osmosis based on their network location and IP address. Users do not need to sign in to Osmosis, but they must be connected to your school's network or use a proxy tool to access Osmosis. Network-based access has many limitations and risks that make it unsuitable for Osmosis, such as:

- **Security**: Users do not need to prove their identity before accessing Osmosis, which increases the risk of unauthorized access and data breaches. You cannot use Osmosis's conditional access policies to enforce additional security measures for network-based access.

- **Flexibility**: Users can only access Osmosis from devices and locations that are connected to your school's network or proxy tool. This limits users' ability to learn from anywhere and anytime, and may affect their user experience and satisfaction.

- **Scalability**: Users cannot create or manage their own accounts on Osmosis, which requires more involvement from your IT staff. You also need to provide Osmosis with a list of IP ranges for your school's network or proxy tool, and update it whenever there are changes. Network-based access can support up to 2000 IP ranges per school.

Osmosis is designed to provide a secure, flexible, and scalable learning platform for your school. Therefore, we only support identity-based access, which meets these requirements.

**Q: How do I get started with identity-based access?**

A: To get started with identity-based access, you need to configure your Osmosis account settings and provide a list of authorized email domains or SSO providers for your school. You can find more details on how to do this in this article: How to set up identity-based access for your school.

**Q: How do I troubleshoot issues with identity-based access?**

A: If you encounter any issues with identity-based access, you can check our troubleshooting guide for common problems and solutions:

If you still need help, you can contact Osmosis support and we will assist you as soon as possible.

Did this answer your question?