Login and SSO
Arythmatic uses Auth0 organization-scoped authentication for all user sign-ins. This means every login is tied to your specific workspace — users do not share a global Arythmatic account pool, and there is no risk of a user accidentally accessing another organization's workspace.
This page explains how the login flow works, what your users experience, and what you need to know as an Admin.
How Login Works
The Login Page
Every workspace has a login entry point on the Arythmatic platform. When a user navigates to your workspace URL (for example, yourcompany.arythmatic.com) or clicks a link in an invitation email, they land on the Arythmatic login page.
The login page is automatically scoped to your workspace. Users do not choose an organization from a list — the workspace is resolved from the URL they arrived on.
Auth0 Organization-Scoped Authentication
Arythmatic's authentication is built on Auth0, a widely used identity platform. Your workspace is represented as an Auth0 organization, which means:
- All user credentials and sessions are managed by Auth0, not stored in a separate Arythmatic-specific system.
- Login is enforced at the organization level — a user must be a member of your workspace's Auth0 organization to log in. Invitation is what creates that membership (see Inviting Users).
- Passwords, multi-factor authentication, and social login settings are managed through your Auth0 organization configuration.
The Authentication Flow
- User navigates to your workspace URL or clicks an invitation link.
- Arythmatic redirects them to Auth0 with your workspace's organization context.
- Auth0 presents the login screen (username/password, or any social/enterprise login you have configured).
- On successful authentication, Auth0 redirects the user back to Arythmatic with a token.
- Arythmatic validates the token, resolves the user's workspace roles, and loads the appropriate dashboard — the manage dashboard for Admins, GroupAdmins, and Instructors; the learner portal for Learners.
From the user's perspective, this is a single-step login on a familiar screen. The Auth0 redirect happens instantly and is not visible.
What Admins Control
As an Admin, you do not manage Auth0 directly through the Arythmatic dashboard. What you do control:
- Who can log in — only users you have invited to the workspace can authenticate. Inviting a user creates their workspace membership; revoking access removes it.
- User roles — roles determine what each user can do after they log in (see Roles and Permissions).
- Deactivating users — if a user should no longer have access, deactivate or remove them from the workspace.
Passwords and Password Resets
Users set and reset their own passwords directly through Auth0. The Forgot Password link on the login page initiates an Auth0 password-reset email. As an Admin, you do not see or manage user passwords.
If a user is locked out, direct them to use the Forgot Password link on the login page. If they have lost access to their email address, contact Arythmatic support.
Enterprise SSO (SAML / OIDC)
If your organization uses a corporate identity provider (such as Microsoft Azure AD, Okta, Google Workspace, or another SAML/OIDC-compatible IdP), Arythmatic supports connecting your IdP through Auth0.
With enterprise SSO configured:
- Users log in with their existing corporate credentials — no separate Arythmatic password is needed.
- Your IdP enforces your corporate MFA and access policies.
- Deprovisioning a user in your IdP automatically blocks their access to Arythmatic on the next session.
Enterprise SSO setup is performed during account onboarding and requires coordination between your IT team and Arythmatic's onboarding team. If you want to add or change SSO configuration after your workspace is live, contact Arythmatic support.
Sessions
Session Duration
Authenticated sessions have a timeout configured in your workspace settings. After the timeout period of inactivity, the user is prompted to log in again. Arythmatic does not persist long-lived session tokens — tab closes or extended inactivity will require re-authentication.
Multi-Device and Multi-Tab Usage
Sessions are scoped per browser tab. A user can be logged in on multiple devices simultaneously. Logging out on one device does not affect sessions on other devices.
Learner Login vs. Admin Login
| User type | Where they land | What they see |
|---|---|---|
| Admin | Manage dashboard | Full admin interface |
| GroupAdmin | Manage dashboard (school/group portal) | School and group management |
| Instructor | Manage dashboard | Content and course management |
| Learner | Learner portal | Courses, progress, certificates |
If a user holds multiple roles (for example, an Admin who is also an Instructor), they land in the manage dashboard and can switch context using the Role Switcher in the header.
A user who holds only the Learner role is automatically redirected to the learner portal after login and does not see the manage dashboard.
Troubleshooting Login Issues
| Symptom | Likely cause | Resolution |
|---|---|---|
| "Access denied" after entering credentials | User is not invited to the workspace, or their account has been deactivated | Re-invite the user or check their status under Users |
| Password reset email not arriving | Email in spam, or incorrect email address on file | Ask the user to check spam; if the email is wrong, update it and re-invite |
| User lands on wrong dashboard after login | User's role is not configured correctly | Update the user's role under Users → [User] → Roles |
| SSO login fails with an error from the IdP | IdP is not configured for this user, or the IdP integration has expired | Contact your IT team and Arythmatic support |
Related Pages
- Inviting Users — how to add users to your workspace
- Roles and Permissions — what each role can access after login
- Workspace Settings — session timeout and other auth-adjacent settings