Configure the Authentication setting

Current version: 4.2

To configure the Authentication setting:

  1. On the menu bar, click Manage.

  2. On the Manage page, click Settings.

  3. On the Settings page, select the Authentication setting.

  4. Add the properties.

  5. Click Save.


You can refer to the configuration example for a better understanding of this setting.


You can configure the following authentication properties.

| Property | Description | Default value |
| --- | --- | --- |
| AttemptsBeforeLockout | Number of failed login attempts before a user is locked out of the system. | 3 |
| AutoCreateUsers | If set to true, and a user logs in with an external authentication provider, an account is created automatically if the user does not already have one. | false |
| AutoRestrict | If set to true, all new users are automatically restricted. Restricted users can only access a specific landing page until an administrator verifies their account. | true |
| CookieDomain | Domain used for the authentication cookie. | null |
| CookieName | Name of the authentication cookie. | null |
| DefaultUserGroups | A list of user groups that new users are added to automatically. Any groups in this list that do not already exist are created when a user is added to them by this process. If you don’t want new users to be added to any user groups automatically, this list can be left blank or the property omitted. | empty |
| EnableBasicAuthentication | If set to true, users can log in using a username and password on the login page. If set to false, they can only log in using external authentication providers. | false |
| EnableConfirmationMail | If set to true, users can only log in after clicking the link in the confirmation email sent to them. | true |
| EnableCredentialless | If set to true, users can log in using an external authentication provider without having to create an account for it. If a user's email address already exists in the system, the login is linked to the existing account. | false |
| EnableEmailWhiteList | If set to true, only users with email addresses matching one of the configured patterns listed in WhiteListedEmailPatterns can create an account. | true |
| EnableExternalAuthentication | If set to true, external authentication is enabled, letting users log in with one of the configured external authentication providers. | true |
| EnableForgotPassword | If ShowForgotPassword is true, then this must also be true. | false |
| EnableLockout | If set to true, user accounts are automatically locked out after exceeding the number of failed login attempts set in AttemptsBeforeLockout. | true |
| EnableRegister | If set to true, users can create a new account using the registration page. This property relies on a public endpoint used to create new user accounts. If you enable this property, you must configure ReCaptcha to avoid validation errors when saving your authentication settings. We also recommend enabling AutoRestrict and using DefaultUserGroups. | |
| ExpireTimeSpan | Validity period of the authentication cookie. The maximum value is 1440 minutes (equivalent to 24 hours). | 30 minutes |
| ExternalAuthenticationProviders | Configuration settings of the external authentication provider. | Base configuration |
| MinutesToLockout | The period that a user is locked out of the system after exceeding the unsuccessful login attempts set by AttemptsBeforeLockout. | 5 minutes |
| PasswordExpiration | Validity period of a password. Users are prompted to change their password when it expires. | 90 days |
| PasswordRules | Rules used to validate user passwords: RequireDigit (the password must contain a digit); RequireLowercase (the password must contain a lowercase character); RequireNonLetterOrDigit (the password must contain a non-alphanumeric character); RequireUppercase (the password must contain an uppercase character); RequiredLength (minimum length for a password). | RequireDigit: true; RequireLowercase: true; RequireNonLetterOrDigit: true; RequireUppercase: false; RequiredLength: 8 |

Users are redirected to the specified URL after signing out of the application. If this option is not specified, users are redirected back to the login page.


You can access the remote sign-out page of the authentication service provider at the /signout-{provider-name} endpoint, and you can access the sign-out callback page at the /signout-callback-{provider-name} endpoint.

| Property | Description | Default value |
| --- | --- | --- |
| ReCaptcha | Protection against spam. Ensure that the correct key and secret are stated. Must be configured if EnableRegister is set to true. | key and secret |
| RegistrationLink | A registration page URL. If EnableRegister and ShowRegister are true, users who click the registration link on the login page are directed to this URL. | null |
| ShowForgotPassword | If set to true, a link to the forgotten password page appears on the login page. | false |
| ShowRegister | If set to true, a link to the RegistrationLink URL shows on the login page. | false |
| SlidingExpiration | If set to true, the authentication cookie gets a new expiration time whenever a request is processed more than halfway through the expiration period. | false |
| TokenLifespan | The period after which password reset and email confirmation tokens expire. | 10 hours |
| WhiteListedEmailPatterns | If EnableEmailWhiteList is true, users can only create an account if the email they use matches at least one of the regular expressions in this list property. If the list is empty, there are no restrictions on which email addresses can be used. | empty |
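
Several properties above constrain each other (ShowForgotPassword and EnableForgotPassword, the 1440-minute cap on ExpireTimeSpan, and EnableRegister with ReCaptcha, AutoRestrict, DefaultUserGroups and the email whitelist). The following is an added example, not part of the product or its documentation, that checks a settings object against those rules before you save it; the flat dict shape, ExpireTimeSpan in whole minutes, the ReCaptcha field names and the sample values are assumptions.

```python
# Added example, not product code. Assumed input shape: a flat dict keyed by
# property name, ExpireTimeSpan in whole minutes, ReCaptcha as {"key", "secret"}.
# The defaults below are the ones listed in the property table.
DEFAULTS = {
    "AutoRestrict": True, "EnableEmailWhiteList": True, "EnableLockout": True,
    "EnableForgotPassword": False, "ShowForgotPassword": False,
    "ExpireTimeSpan": 30,
}

def audit(settings):
    """Return (level, message) findings for one Authentication setting."""
    s = {**DEFAULTS, **settings}
    out = []
    if s["ShowForgotPassword"] and not s["EnableForgotPassword"]:
        out.append(("error", "ShowForgotPassword requires EnableForgotPassword"))
    if s["ExpireTimeSpan"] > 1440:
        out.append(("error", "ExpireTimeSpan exceeds the 1440-minute maximum"))
    if not s["EnableLockout"]:
        out.append(("warn", "EnableLockout is false; AttemptsBeforeLockout is not enforced"))
    # EnableRegister has no default on the page; absent is treated as off (assumption).
    if s.get("EnableRegister"):
        rc = s.get("ReCaptcha") or {}
        if not (rc.get("key") and rc.get("secret")):
            out.append(("error", "EnableRegister requires ReCaptcha key and secret"))
        if not s["AutoRestrict"]:
            out.append(("warn", "EnableRegister without AutoRestrict"))
        if not s.get("DefaultUserGroups"):
            out.append(("warn", "EnableRegister without DefaultUserGroups"))
        # An empty pattern list means no restriction, even with the whitelist on.
        if not (s["EnableEmailWhiteList"] and s.get("WhiteListedEmailPatterns")):
            out.append(("warn", "any email address can register"))
    return out

# Constructed samples: self-registration switched on with nothing around it,
# and the same feature with the documented requirements and recommendations met.
RISKY = {"EnableRegister": True, "AutoRestrict": False,
         "ShowForgotPassword": True, "ExpireTimeSpan": 2880}
HARDENED = {"EnableRegister": True,
            "ReCaptcha": {"key": "<site-key>", "secret": "<secret>"},
            "DefaultUserGroups": ["Pending"],
            "WhiteListedEmailPatterns": [r".+@example\.com$"],
            "ShowForgotPassword": True, "EnableForgotPassword": True}

if __name__ == "__main__":
    for name, cfg in (("RISKY", RISKY), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "no findings")
```
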
