go~mus + auth

Employees sign in to go~mus with their existing account. No second password, no separate onboarding. Productively supported are Microsoft Entra ID and Google Workspace, further providers on request.

New colleagues are productive immediately once they exist in your identity provider. When they leave, the central logout also revokes go~mus access. For houses with strict compliance requirements, password login can be disabled so only SSO is used.

If no central identity provider is in place, go~mus comes with full native user management. Smaller houses without an IT department add staff directly, larger groups organise role models per location.

Password rules follow current NIST and BSI guidance: strength check instead of mandatory special characters, lock-out after repeated wrong entries, password reset by email, auditable logins. Procurement-grade security requirements are met without further configuration.

Optionally enable time-based one-time passwords (TOTP) for individual roles or for all backend users. Security-sensitive houses make 2FA mandatory for accounting and administration; the rest decide for themselves.

New accounts can be created in two modes: auto-signup as soon as a colleague signs in via the identity provider for the first time, or creation only after an admin confirms. Large organisations with a central IdP pick auto-signup, houses with a four-eyes principle pick the confirmation mode.