Configure authentication methods, security policies, and access controls to secure your organization and manage user access.
Settings Location: Navigate to Admin Panel → Settings → Authentication to configure login methods and security policies.

Authentication Methods

Login Options

Email & Password

Traditional Authentication: Standard email and password login with customizable security requirements.

Social Login

OAuth Integration: Allow users to log in using their existing social media accounts.

Single Sign-On (SSO)

Enterprise Authentication: SAML and OIDC integration for enterprise identity providers.

Magic Links

Passwordless Authentication: Email-based authentication without requiring passwords.

Social Authentication

Available Providers

  • Google
  • Microsoft
  • Social Platforms
  • Apple
Google OAuth 2.0
Configure Google Sign-In integration:
  • Client ID and secret configuration
  • Scope permissions (profile, email)
  • Domain restrictions for Google Workspace
  • Automatic account creation settings

Social Login Configuration

  1. Provider Setup: Register your application with each social provider and obtain client credentials.
  2. Callback URLs: Configure redirect URLs for each provider to handle authentication responses.
  3. User Mapping: Define how social profile information maps to your platform’s user fields.
  4. Account Linking: Set up rules for linking social accounts to existing platform accounts.

Single Sign-On (SSO)

Enterprise SSO Providers

SAML 2.0

Security Assertion Markup Language
  • Identity provider integration
  • Metadata configuration
  • Attribute mapping
  • Certificate management

OIDC

OpenID Connect
  • Discovery endpoint setup
  • Client credentials management
  • Scope and claims configuration
  • Token validation settings

LDAP

Directory Services
  • Active Directory integration
  • LDAP server connection
  • User and group synchronization
  • Attribute binding configuration

SSO Configuration Process

  • Provider Setup
  • Security Settings
  • User Provisioning
Identity Provider Configuration
  1. Metadata Import: Import SSO provider metadata or configure manually
  2. Certificate Upload: Add signing and encryption certificates
  3. Attribute Mapping: Map SSO attributes to platform user fields
  4. Group Synchronization: Configure role and permission mapping

Password Policies

Security Requirements

Password Strength

Complexity Requirements: Configure minimum password requirements including length, character types, and common password prevention.

Policy Configuration

Password Requirements
  • Minimum password length (8-64 characters)
  • Require uppercase and lowercase letters
  • Require numeric characters
  • Require special characters
  • Prevent common passwords and dictionary words
  • Prevent password reuse (last 5-24 passwords)
Password Lifecycle
  • Password expiration period (90-365 days)
  • Advance warning before expiration (7-30 days)
  • Forced password change for security incidents
  • Grace period for expired passwords
  • Automatic account lockout for expired passwords
Brute Force Protection
  • Maximum failed login attempts (3-10 attempts)
  • Account lockout duration (15 minutes to 24 hours)
  • Progressive lockout (increasing lockout time)
  • IP-based lockout policies
  • Admin override capabilities
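
How the Brute Force Protection settings above can interact, as an added example (not this platform's code): a failure counter that locks a key after the configured number of attempts, doubles the lockout on each repeat, caps it at the 24-hour limit, and supports an admin reset. The class names, the doubling rule and the `("user", …)` / `("ip", …)` key scheme are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import timedelta

MIN_LOCKOUT = timedelta(minutes=15)   # lower bound stated on the page
MAX_LOCKOUT = timedelta(hours=24)     # upper bound stated on the page


@dataclass(frozen=True)
class LockoutPolicy:                  # hypothetical name, not a platform API
    max_attempts: int = 5             # page range: 3-10 attempts
    base_lockout: timedelta = MIN_LOCKOUT   # duration of the first lockout

    def __post_init__(self):
        if not 3 <= self.max_attempts <= 10:
            raise ValueError("max_attempts must be 3-10")
        if not MIN_LOCKOUT <= self.base_lockout <= MAX_LOCKOUT:
            raise ValueError("base_lockout must be 15 minutes to 24 hours")


class LockoutTracker:
    """Tracks failures per key; a key is ("user", name) or ("ip", address)."""

    def __init__(self, policy):
        self.policy = policy
        self.failures = {}       # key -> failures since last success or lockout
        self.level = {}          # key -> lockouts triggered so far
        self.locked_until = {}   # key -> epoch seconds

    def is_locked(self, key, now):
        return now < self.locked_until.get(key, 0.0)

    def record_failure(self, key, now):
        """Count a failed login; return the lockout applied, or None."""
        self.failures[key] = self.failures.get(key, 0) + 1
        if self.failures[key] < self.policy.max_attempts:
            return None
        # Progressive lockout (assumed rule): double each time, capped at 24 h.
        level = self.level.get(key, 0)
        duration = min(self.policy.base_lockout * 2 ** level, MAX_LOCKOUT)
        self.level[key] = level + 1
        self.failures[key] = 0
        self.locked_until[key] = now + duration.total_seconds()
        return duration

    def record_success(self, key):
        self.failures.pop(key, None)   # escalation level survives until reset

    def admin_unlock(self, key):
        """Admin override: clear the lock and the escalation history."""
        for table in (self.failures, self.level, self.locked_until):
            table.pop(key, None)
```

Tracking the account and the source IP as separate keys matters because an account-only lockout can be triggered by anyone who knows the username, which is why the admin reset clears the escalation level as well as the lock.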

Multi-Factor Authentication (MFA)

MFA Methods

  • Authenticator Apps
  • SMS Verification
  • Email Verification
  • Hardware Keys
TOTP Authentication
Time-based one-time passwords using apps like:
  • Google Authenticator
  • Microsoft Authenticator
  • Authy
  • 1Password
  • Custom TOTP applications

MFA Policies

  1. Requirement Rules: Define which users or roles must use multi-factor authentication.
  2. Backup Methods: Configure backup authentication methods when primary MFA is unavailable.
  3. Recovery Procedures: Set up account recovery processes for users who lose access to MFA devices.
  4. Admin Overrides: Define emergency procedures for admins to bypass MFA in critical situations.

Session Management

Session Security

Session Duration

Timeout Configuration: Configure how long users stay logged in and when sessions expire.

Concurrent Sessions

Multiple Login Control: Manage how many simultaneous sessions users can have active.

Session Policies

Session Expiration
  • Idle timeout duration (15 minutes to 8 hours)
  • Maximum session length (1-24 hours)
  • Remember me options and duration
  • Activity-based session extension
  • Role-based timeout variations
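
The Session Expiration settings above combine two independent clocks. The following added example (not this platform's code) shows the idle timeout and the maximum session length evaluated together, with activity refreshing only the idle clock; the role table, its values and all names are assumptions chosen within the ranges listed above.

```python
from dataclasses import dataclass
from datetime import timedelta


@dataclass(frozen=True)
class SessionPolicy:             # hypothetical name, not a platform API
    idle_timeout: timedelta      # page range: 15 minutes to 8 hours
    max_length: timedelta        # page range: 1-24 hours


# Role-based timeout variations (constructed values for illustration).
POLICIES = {
    "admin": SessionPolicy(timedelta(minutes=15), timedelta(hours=1)),
    "member": SessionPolicy(timedelta(hours=2), timedelta(hours=12)),
}


@dataclass
class Session:
    role: str
    created_at: float            # epoch seconds at login
    last_activity: float         # epoch seconds of last request


def check_session(session, now):
    """Return 'active', 'idle_expired' or 'max_expired'."""
    policy = POLICIES[session.role]
    # The absolute limit is measured from login and is checked first.
    if now - session.created_at >= policy.max_length.total_seconds():
        return "max_expired"
    if now - session.last_activity >= policy.idle_timeout.total_seconds():
        return "idle_expired"
    return "active"


def touch(session, now):
    """Activity-based extension: refresh the idle clock of a live session.

    An expired session is never revived, and created_at is never moved,
    so continuous activity cannot stretch a session past max_length.
    """
    state = check_session(session, now)
    if state == "active":
        session.last_activity = now
    return state
```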
Trusted Devices
  • Device registration and trust levels
  • Maximum trusted devices per user
  • Device-specific session policies
  • Remote device session termination
  • Suspicious device detection and alerts

Access Controls

IP Address Restrictions

  1. Allowlist Configuration: Define IP addresses or ranges that are permitted to access the platform.
  2. Geographic Restrictions: Configure country or region-based access controls.
  3. VPN Detection: Set policies for users connecting through VPN services.
  4. Dynamic IP Handling: Configure how to handle users with changing IP addresses.

Time-Based Access

Business Hours

Scheduled Access Control: Configure time-based access restrictions based on business hours, time zones, and user roles.

Security Monitoring

Login Monitoring

  • Failed Attempts
  • Success Tracking
  • Admin Notifications
Security Alerts
Monitor and alert on suspicious login activity:
  • Multiple failed login attempts
  • Login attempts from new locations
  • Unusual login times or patterns
  • Attempts to use compromised credentials

Compliance & Auditing

Audit Trail

Authentication Logging

Comprehensive Activity Records: Maintain detailed logs of all authentication events for security auditing and compliance requirements.

Compliance Features

  • SOC 2 Compliance: Authentication controls for security audits
  • GDPR Requirements: User consent and data processing for authentication
  • HIPAA Compliance: Enhanced security for healthcare organizations
  • Custom Compliance: Configurable security controls for industry requirements

Emergency Procedures

Account Recovery

  1. Lost Password Recovery: Configure secure password reset procedures with identity verification.
  2. MFA Device Replacement: Set up procedures for users who lose access to MFA devices.
  3. Account Lockout Resolution: Define processes for resolving legitimate account lockouts.
  4. Emergency Admin Access: Configure emergency access procedures for critical situations.
Security Best Practice: Enable MFA for all admin accounts and users with elevated privileges to prevent unauthorized access.
Important: Changes to authentication settings may require users to log out and back in. Plan authentication updates during low-usage periods.
SSO and social authentication configurations require coordination with IT teams and external identity providers for proper setup and testing.