Microsoft O365 for Authentication

I tried the O365 Authentication, which is an interesting new feature. One benefit I expected was that if an employee was terminated and their account disabled, they would be prevented from accessing Insightly along with the other O365 products.

It looks like what's actually happening is I can use that email address to login using Insightly OR O365 authentication -- meaning a terminated employee could login using their Insightly password, even if their O365 account was disabled.

Just want to understand if there is a way to default to O365 auth or if I should think about this as an end-user convenience, but not a security feature.




Please sign in to leave a comment.