Configure the Authentication setting

Current version: 4.2

To configure the Authentication setting:

On the menu bar, click Manage .
On the Manage page, click Settings.
On the Settings page, select the Authentication setting.
Add the properties.
Click Save.

Note

You can refer to the configuration example for a better understanding of this setting.

Properties

You can configure the following authentication properties.

Property	Description	Default value
`AttemptsBeforeLockout`	Number of failed login attempts before a user is locked out of the system.	3
`AutoCreateUsers`	If set to `true`, and a user logs in with an external authentication provider, an account is created automatically if the user does not already have one.	`false`
`AutoRestrict`	If set to `true`, all new users are automatically restricted. Restricted users can only access a specific landing page until an administrator verifies their account.	`true`
`CookieDomain`	Domain used for the authentication cookie.	null
`CookieName`	Name of the authentication cookie.	null
`DefaultUserGroups`	A list of user groups that new users are added to automatically. Any groups in this list that do not already exist are created when a user is added to them by this process. If you don’t want new users to be added to any user groups automatically, this list can be left blank or the property omitted.	empty
`EnableBasicAuthentication`	If set to `true`, users can log in using a username and password on the login page. If set to `false`, they can only log in using external authentication providers.	`false`
`EnableConfirmationMail`	If set to `true`, users can only log in after clicking the link in the confirmation email sent to them.	`true`
`EnableCredentialless`	If set to `true`, users can log in using an external authentication provider without having to create an account for it. If a user's email address already exists in the system, the login is linked to the existing account.	`false`
`EnableEmailWhiteList`	If set to `true`, only users with email addresses matching one of the configured patterns listed in `WhiteListedEmailPatterns` can create an account.	`true`
`EnableExternalAuthentication`	If set to `true`, external authentication is enabled, letting users log in with one of the configured external authentication providers.	`true`
`EnableForgotPassword`	If `ShowForgotPassword` is `true`, then this must also be `true`.	`false`
`EnableLockout`	If set to `true`, user accounts are automatically locked out after exceeding the number of failed login attempts set in `AttemptsBeforeLockout`.	`true`
`EnableRegister`	If set to `true`, users can create a new account using the registration page. WARNING This property relies on a public endpoint used to create new user accounts. If you enable this property, you must configure `ReCaptcha` to avoid validation errors when saving your authentication settings. We also recommend to enable `AutoRestrict` and use `DefaultUserGroups`.	`false`
`ExpireTimeSpan`	Validity period of the authentication cookie. The maximum value is 1440 minutes (equivalent to 24 hours).	30 minutes
`ExternalAuthenticationProviders`	Configuration settings of the external authentication provider.	Base configuration
`MinutesToLockout`	The period that a user is locked out of the system after exceeding the unsuccessful login attempts set by `AttemptsBeforeLockout`.	5 minutes
`PasswordExpiration`	Validity period of a password. Users are prompted to change their password when it expires.	90 days
`PasswordRules`	Rules used to validate user passwords: `RequireDigit` - the password must contain a digit. `RequireLowercase` - the password must contain a lowercase character. `RequireNonLetterOrDigit` - the password must contain a non-alphanumeric character. `RequireUppercase` - the password must contain an uppercase character. `RequiredLength` - minimum length for a password.	`RequireDigit` - `true` `RequireLowercase` - `true` `RequireNonLetterOrDigit` - `true` `RequireUppercase` - `false` `RequiredLength` - 8
`PostSignOutRedirectUrl`	Users are redirected to the specified URL after signing out of the application. If this option is not specified, users are redirected back to the login page. TIP You can access the remote sign-out page of the authentication service provider at the `/signout-{provider-name}` endpoint, and you can access the sign-out call back page at the `/signout-callback-{provider-name}` endpoint.	null
`ReCaptcha`	Protection against spam. Ensure that the correct `key` and `secret` are stated. Must be configured if `EnableRegister` is set to `true`.	`key` and `secret`
`RegistrationLink`	A registration page URL. If `EnableRegister` and `ShowRegister` are true, users who click the registration link on the login page are directed to this URL.	null
`ShowForgotPassword`	If set to `true`, a link to the forgotten password page appears on the login page.	`false`
`ShowRegister`	If set to `true`, a link to the `RegistrationLink` URL shows on the login page.	`false`
`SlidingExpiration`	If set to `true`, the authentication cookie gets a new expiration time whenever a request is processed more than halfway through the expiration period.	`false`
`TokenLifespan`	The period after which password reset and email confirmation tokens expire.	10 hours
`WhiteListedEmailPatterns`	If `EnableEmailWhiteList` is `true`, users can only create an account if the email they use matches at least one of the regular expressions in this list property. If the list is empty, there are no restrictions on which email addresses can be used.	empty