Sign-In Methods in Buk - Manual

1. Introduction

Logging in is the first point of contact your employees have with the Buk platform. That's why it's essential that it besimple, secure, and adapted to your company's needs.

At Buk we offer different authentication methodologies, allowing each organization to choose the most suitable option according to its level of technological maturity, size, or security requirements.

This manual will help you:

• Learn which sign-in methods exist.

• Understand which one applies to your company.

• Review how they are configured and what implications they have.

• Identify which features are available with each method (such as password recovery or two-factor authentication).

Whether you're an SME that needs a simple solution, or a large company with its own authentication system,at Buk you'll find an access option that suits you.

2. What authentication methods does Buk offer?

Buk hasfour main methodsfor users to access the platform:

Each one has different characteristics, benefits, and technical requirements. Below we explain how they work and how to choose the right one.

3. How does Buk determine which method to use for each user?

The sign-in flow is automatic and transparent to the end user:

1. The user accesses their company's customized URL (e.g.:empresa.buk.cl).

2. They enter their email address.

3. Buk detects which domain that email belongs to.

4. According to the configuration defined by the client, the system activates the corresponding authentication method.

5. The user is redirected to the correct flow (password, Google, Microsoft, SAML, etc.).

4. Authentication methods available in detail

4.1. Email + Password (Standard sign-in)

What is it?
The user signs in with a unique password that is managed directly in Buk.

How does it work?

• They enter their email.

• Buk requests their password.

• If the company has email-based two-factor authentication enabled, a verification code will also be sent.

Features:

• Does not require technical integration.

• Compatible with password recovery via SMS.

• Compatible with email-based two-factor authentication (2FA).

• User and password management is handled within Buk.

Ideal for:
Companies without IT infrastructure or without the need to integrate with external systems.

4.2. SSO with Google or Microsoft (standardized OAuth)

What is it?
Allows users to sign in with their corporate Google Workspace or Microsoft 365 accounts.

How does it work?

• The user enters their corporate email.

• Buk detects the domain and redirects to Google or Microsoft.

• Once authenticated on that service, they are returned automatically to Buk.

Features:

• Does not require complex technical configuration.

• Users do not have to remember an additional password.

• Not compatible with SMS recovery or email-based two-factor authentication (since authentication occurs outside Buk).

• If the organization uses SSO, you must manage your password from that provider (Google or Microsoft).

Ideal for:
Companies that already use Google or Microsoft as their main suite of tools.

4.3. SSO with custom OAuth (OpenID Connect)

What is it?
A direct integration with the client's own authentication system, using the OpenID Connect standard.

How does it work?

• The user enters their email.

• Buk redirects to the client's login system.

• The user authenticates and returns to Buk already validated.

Requires technical configuration, including:

• client_idandclient_secret

• Authorization, token, user info, and logout URLs

• Definition of domains and authentication rules

Features:

• Fully customizable.

• Secure, tailored integration.

• Requires support from Buk's Projects team.

Ideal for:
Companies with in-house development that already manage their users' credentials.

4.4. SSO with SAML (Enterprise solution)

What is it?
An integration with a corporate Identity Provider (IdP), using the SAML standard.

How does it work?

• The user enters their email.

• They are redirected to their IdP portal (such as Okta, OneLogin, Auth0, or Azure AD).

• They authenticate and Buk validates their access with the information provided by the IdP.

Features:

• High security and robustness.

• Allows complete centralization of access to all corporate tools.

• Requires joint configuration and technical support.

Ideal for:
Large companies with strict corporate security requirements.

5. Additional features

Password recovery via SMS

Available only for users with theEmail + Password.

How does it work?

1. The user clicks on "Forgot your password?".

2. They enter their email.

3. If they have a registered number, they receive a code by SMS.

4. They enter the last 4 digits of their cell phone to validate.

5. They receive the code and create a new password.

Important:
Not available for users with SSO methods (OAuth or SAML), since credentials are managed in external systems.

Email-based two-factor authentication (2FA)

Can be activated for companies using theEmail + Password.
Adds an extra layer of security: after entering their password, the user receives a verification code by email.

Important:
Not compatible with OAuth or SAML, since authentication occurs outside Buk.

6. General comparison of methods

7. Configuration and pricing considerations

8. Final recommendations

• If you're not sure which method is configured on your Buk account, contact our support team.

• If you want to change methods, we'll evaluate the best option with you according to your technical and organizational situation.

• Authentication methodologies directly impact security and user experience: choosing correctly is key.

🤖 This article was translated using artificial intelligence. View original article.