• Introduction 
• Login methods 
• Login Security Levels 
  • Security Levels Overview 
  • Enabling Security Level 2 
  • Impact of Security Level 2 Activation on Native Applications 
• Single Sign On 
  • How does Organization SSO work? 
  • Enable SSO for Existing Accounts
  • SSO Login Procedure Based on Organization Identification 
• Dartfish 2FA  

Introduction 

Dartfish offers three convenient login options to suit different needs: the standard Dartfish Login (using your username/email and password), Social Sign-in (signing in through accounts like Facebook, Apple, or Google), and Organization SSO (via your organization’s identity provider, such as Entra ID, OKTA, Onelogin or Auth0). 

To manage access based on security needs, the Login Security Levels system is in place. Either Dartfish Login or Social Sign-in grants access Level 1, while Level 2 requires a higher security method, such as Organization SSO or a Two-Factor authenticated Dartfish Login (2FA). This ensures that users are directed to the appropriate login method for secure content access. 

Login methods 

Dartfish.tv offers three login methods to enhance accessibility and security: Dartfish Login (username/email and password), Social Sign-in (using social accounts like Facebook, Apple, or Google), and Organization SSO (integrated with an organization's Identity Provider, such as Entra ID, OKTA, Onelogin or Auth0).  

    Sign in Methods 

1. Dartfish Sign in - Users log in with a dartfish.tv username/email and password.
2. Social Sign-in - Users can log in using their social accounts, such as Facebook, Apple, or Google
3. Organization SSO - Users sign in using their organization's Identity Provider (IdP), such as Entra ID, OKTA, Onelogin or Auth0.

With dartfish.tv login, users must manually create an account through the “Create an account” process, whereas it is created automatically during the first login via Social Sign-In or Organization SSO.  

The account includes: 

• Email: Defined during the account creation process. 
• Username: Automatically generated using the email address provided (i.e., the portion before the “@”). Users can modify their username in the Account Settings. 
• Password: Defined during account creation for Dartfish login but optional for Social Sign-in and Organization SSO users. 

Login Security Levels 

The Dartfish.tv Login Security Levels system enforces differentiated access based on login security. Level 1 allows access via Dartfish Login (username/password without 2FA) or Social Sign-in, suitable for less sensitive content, while Level 2 requires Organization SSO or 2FA-enabled Dartfish Login for high-security channels. Clear user guidance ensures correct login methods are used. The system prompts re-authentication for users accessing channels with higher security requirements. This approach balances strong security with seamless user experience across platforms. 

Security Levels Overview 

•  Level 1: Access via Dartfish Login (username/password without 2FA) or Social Sign-in (e.g., Facebook, Google) - suitable for less sensitive content. 
• Level 2: Access via Organization SSO or Dartfish Login with Two-Factor Authentication (2FA). 

• Required for accessing high-security channels. 
• Security Level 2 can be enabled by the channel administrator via the admin section. 

When logging in to dartfish.tv, the user will be informed if one or more of his/her subscriptions require Security Level 2. 

Enabling Security Level 2 

To enable Security Level 2 on your channel, follow these steps: 

• Set up Organization SSO with the assistance of Dartfish. 
• Activate Security Level 2 from the admin section of your channel, as illustrated below:  

Once Security Level 2 is enabled, an additional layer of security is applied to all private content. Users will be required to authenticate either through Organization SSO (which ensures they are verified members of your organization) or by logging into their Dartfish.tv account with two-factor authentication (2FA) enabled. 

Users who do not meet these security requirements will only have access to public content or content shared via a direct sharing link. 

Impact of Security Level 2 Activation on Native Applications 

Activating Security Level 2 on a channel also affects native applications such as Dartfish Software, Express, Note, and Branded Apps. 

Users can continue using the apps currently installed, but they will no longer be able to interact with the organization's channel in the following ways: 

• Viewing or downloading content from a collection 
• Publishing content to the channel 

To regain full access and interaction, users must: 

• Update their apps to the latest available version 
• Log in via SSO or using their Dartfish.tv account with 2FA enabled 

It is important to note that the latest versions of native apps now feature the same login panel as the web app, ensuring a consistent authentication experience across platforms. 

Single Sign On 

SSO is available on Dartfish.tv Unlimited and Giga. It allows members to access Dartfish.tv tools through IdPs that support OpenID Connect (OIDC) based on OAuth 2.0 protocol. 

Single Sign-On (SSO) is an authentication method that enables users to securely log in to multiple applications and websites using a single set of credentials. It simplifies login, enhances security, and streamlines user account management. 

Why enabling SSO: 

1. Users only need one set of credentials to access multiple systems, reducing the need to remember multiple passwords. 
2. Stronger authentication methods, such as MFA (Multi-Factor Authentication), can be enforced centrally via the Organization’s IdP (Identity Provider) console. 

How does Organization SSO work? 

Organization SSO allows connecting with identity providers (IdP) that support the OpenID Connect (OIDC) based on OAuth 2.0 protocol (for example Okta, Auth0, OneLogin, and others). 

In short, it works like this: 

1. An Organization Admin configures an SSO profile for the team’s domain (access to the identity provider is required). A separate document provides step-by-step guidance. 
2. Our team reviews the user’s access within Dartfish.tv to enable the SSO profile. 
3. Once the SSO profile is enabled, all users with this domain can use the ‘Organization SSO’ button on our login pages to access Dartfish.tv via SSO. 
4. When users click the ‘Organization SSO’ button, they will be redirected to the IdP login page to authenticate. If MFA is enabled in the organization’s IdP, the user will need to complete an additional authentication step. The very first time, the user will need to authorize dartfish.tv to access user information from the IdP — we only use the user ID and email address. 

Enable SSO for Existing Accounts

For an organization looking to implement SSO for its members, the following points should be considered: 

• Users who already use their corporate email for their dartfish.tv account should not encounter any issues. 
• However, users who currently log in with a personal email address (e.g., a Google email) may face a risk when SSO is introduced. If they attempt to log in using the "Organization SSO" button, a new account will be created without any access rights. As a result, the user would end up with two accounts: 

• The existing dartfish.tv account with access rights.
• A new account with corporate credentials but without any access rights. 
  

• To prevent this situation, we recommend that organizations inform their members in advance to update their email address in the dartfish.tv Account Settings, replacing their personal email with their corporate email. 
• Once this transition is complete, SSO should then be activated. 

Risk Mitigation 

We have taken steps to minimize the risk of inadvertently creating a new account without access.  

If a user with a personal email (e.g., Gmail) logs in as usual and SSO has been activated for the organization's channel, they will be notified that access requires login via SSO. In this dialog, they will see an "SSO - Organization" button. 

If they click this button while already logged in, they will be redirected to the organization's Identity Provider login page. Once they authenticate using their corporate credentials, a link will be automatically established between the organization's Identity Provider and their existing Dartfish.tv account, allowing them to log in via SSO.  

This ensures a smooth transition without losing access rights. 

SSO Login Procedure Based on Organization Identification 

The login process via SSO will vary depending on whether the organization can be identified. An organization is considered identified in the following cases:

• The user accesses the channel through an invitation from a channel administrator to view content.
• The user logs out of a channel and attempts to log back in within the same session
• The user accesses the Dartfish application from their organization's IdP portal (e.g., Okta, OneLogin, etc.).
• The user follows a link to the Dartfish.tv channel of the organization.
• The user logs in through their organization’s Branded App. 

If the organization is identified, it will be easily recognized in the login panel with the channel's logo. Additionally, the "SSO - Organization" button will display the organization's name (or channel name in certain conditions, for example, "SSO - Test LSL2 as illustrated above) 

If the organization cannot be automatically identified, the user will need to manually select it during the login process. 

After the organization is identified, clicking the "SSO - Organization" button will redirect the user to the organization's Identity Provider login page, where they will authenticate using their corporate credentials. Depending on the IdP settings, re-entering credentials may not be required for subsequent logins, for example, within a 15-day period. 

Dartfish 2FA 

Two-Factor Authentication (2FA) enhances the security of your myDartfish account by requiring an additional authentication step beyond your password. This ensures that even if your password is compromised, unauthorized access is prevented.  

To enable 2FA, go to dartfish.tv Account Settings, where you can activate it and link your account to an authenticator app (such as Google Authenticator, Authy, or Duo) on your smartphone. 

In case you lose access to your authenticator app, an emergency recovery key allows you to regain entry. This key is essential for account recovery and should be stored securely, as it can only be used once before a new one must be generated. 

If a channel requires Security Level 2 (SL2), we will notify you and provide a direct link to configure 2FA. Access to private channel content will only be granted once 2FA or SSO is set up. 

Note that 2FA-enabled Dartfish Login is independent of the MFA that may be set up in the Organization IdP for SSO login. 

For detailed setup instructions, authentication steps, and troubleshooting tips, please refer to 

• Manage two-factor authentication for your myDartfish account 
• Sign in issues related to two-factor authentication