Configure the Authentication setting

To configure the Authentication setting:

  1. On the menu bar, click Manage (the cog icon).

  2. On the Manage page, click Settings.

  3. On the Settings page, select the Authentication setting.

  4. Add the properties.

  5. Click Save.

Note

You can refer to the configuration example for a better understanding of this setting.

Properties

You can configure the following authentication properties.

Property

Description

Default value

AttemptsBeforeLockout

Number of failed login attempts before a user is locked out of the system.

3

AutoCreateUsers

If set to true, and a user logs in with an external authentication provider, an account is created automatically if the user does not already have one.

false

AutoRestrict

If set to true, all new users are automatically restricted. Restricted users can only access a specific landing page until an administrator verifies their account.

true

CookieDomain

Domain used for the authentication cookie.

null

CookieName

Name of the authentication cookie.

null

DefaultUserGroups

A list of user groups that new users are added to automatically. Any groups in this list that do not already exist are created when a user is added to them by this process. If you don’t want new users to be added to any user groups automatically, this list can be left blank or the property omitted.

empty

EnableBasicAuthentication

If set to true, users can log in using a username and password on the login page. If set to false, they can only log in using external authentication providers.

false

EnableConfirmationMail

If set to true, users can only log in after clicking the link in the confirmation email sent to them.

true

EnableCredentialless

If set to true, users can log in using an external authentication provider without having to create an account for it. If a user's email address already exists in the system, the login is linked to the existing account.

false

EnableEmailWhiteList

If set to true, only users with email addresses matching one of the configured patterns listed in WhiteListedEmailPatterns can create an account.

true

EnableExternalAuthentication

If set to true, external authentication is enabled, letting users log in with one of the configured external authentication providers.

true

EnableForgotPassword

If ShowForgotPassword is true, then this must also be true.

false

EnableLockout

If set to true, user accounts are automatically locked out after exceeding the number of failed login attempts set in AttemptsBeforeLockout.

true

EnableRegister

If set to true, users can create a new account using the registration page.

Note

This property relies on a public endpoint used to create new user accounts. If you enable this property, you must configure ReCaptcha to avoid validation errors when saving your authentication settings. We also recommend enabling AutoRestrict and using DefaultUserGroups.

false

ExpireTimeSpan

Validity period of the authentication cookie. The maximum value is 1440 minutes (equivalent to 24 hours).

30 minutes

ExternalAuthenticationProviders

Configuration settings of the external authentication provider.

Base configuration

MinutesToLockout

The period that a user is locked out of the system after exceeding the unsuccessful login attempts set by AttemptsBeforeLockout.

5 minutes

PasswordExpiration

Validity period of a password. Users are prompted to change their password when it expires.

90 days

PasswordRules

Rules used to validate user passwords:

  • RequireDigit - the password must contain a digit.

  • RequireLowercase - the password must contain a lowercase character.

  • RequireNonLetterOrDigit - the password must contain a non-alphanumeric character.

  • RequireUppercase - the password must contain an uppercase character.

  • RequiredLength - minimum length for a password.

  • RequireDigit - true

  • RequireLowercase - true

  • RequireNonLetterOrDigit - true

  • RequireUppercase - false

  • RequiredLength - 8

PostSignOutRedirectUrl

Users are redirected to the specified URL after signing out of the application. If this option is not specified, users are redirected back to the login page.

Note

You can access the remote sign-out page of the authentication service provider at the /signout-{provider-name} endpoint, and you can access the sign-out callback page at the /signout-callback-{provider-name} endpoint.

null

ReCaptcha

ReCaptcha provides protection against spam. Ensure that the correct key and secret are stated. This property must be configured if EnableRegister is set to true.

key and secret

RegistrationLink

A registration page URL. If EnableRegister and ShowRegister are true, users who click the registration link on the login page are directed to this URL.

null

ShowForgotPassword

If set to true, a link to the forgotten password page appears on the login page.

false

ShowRegister

If set to true, a link to the RegistrationLink URL shows on the login page.

false

SlidingExpiration

If set to true, the authentication cookie gets a new expiration time whenever a request is processed more than halfway through the expiration period.

false

TokenLifespan

The period after which password reset and email confirmation tokens expire.

10 hours

WhiteListedEmailPatterns

If EnableEmailWhiteList is true, users can only create an account if the email they use matches at least one of the regular expressions in this list property. If the list is empty, there are no restrictions on which email addresses can be used.

empty
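
Several properties in the table depend on each other: EnableRegister needs ReCaptcha, ShowForgotPassword needs EnableForgotPassword, ExpireTimeSpan is capped at 1440 minutes, and EnableEmailWhiteList with an empty WhiteListedEmailPatterns list restricts nothing. The following Python check is an added example, not part of the product or its documentation. It assumes the setting is available as a JSON-like object keyed by the property names above, with ExpireTimeSpan in minutes and ReCaptcha as an object with key and secret fields; the sample values are constructed.

```python
# Added example: assumes the setting is a JSON-like dict keyed by property name,
# ExpireTimeSpan in minutes, ReCaptcha as {"key": ..., "secret": ...} (assumptions).

# Defaults taken from the properties table; an omitted ReCaptcha counts as unset.
DEFAULTS = {
    "AutoRestrict": True, "DefaultUserGroups": [], "EnableEmailWhiteList": True,
    "EnableForgotPassword": False, "EnableLockout": True, "EnableRegister": False,
    "ExpireTimeSpan": 30, "ReCaptcha": None, "ShowForgotPassword": False,
    "WhiteListedEmailPatterns": [],
}

def audit(settings):
    """Return (severity, message) findings for one Authentication setting."""
    s = {**DEFAULTS, **settings}
    out = []
    if s["EnableRegister"]:
        captcha = s["ReCaptcha"] or {}
        if not (captcha.get("key") and captcha.get("secret")):
            out.append(("error", "EnableRegister requires ReCaptcha key and secret"))
        if not s["AutoRestrict"]:
            out.append(("warn", "EnableRegister without AutoRestrict"))
        if not s["DefaultUserGroups"]:
            out.append(("warn", "EnableRegister without DefaultUserGroups"))
    if s["ShowForgotPassword"] and not s["EnableForgotPassword"]:
        out.append(("error", "ShowForgotPassword requires EnableForgotPassword"))
    if s["ExpireTimeSpan"] > 1440:
        out.append(("error", "ExpireTimeSpan exceeds the 1440-minute maximum"))
    if s["EnableEmailWhiteList"] and not s["WhiteListedEmailPatterns"]:
        out.append(("warn", "EnableEmailWhiteList with an empty pattern list restricts nothing"))
    if not s["EnableLockout"]:
        out.append(("warn", "EnableLockout is false, so AttemptsBeforeLockout has no effect"))
    return out

# Constructed sample: registration opened up with the related properties left unset.
WEAK = {"EnableRegister": True, "ShowRegister": True, "ShowForgotPassword": True,
        "AutoRestrict": False, "ExpireTimeSpan": 2880}

# Constructed sample: same intent; key, secret, group and domain are placeholders.
HARDENED = {"EnableRegister": True, "ShowRegister": True,
            "ReCaptcha": {"key": "<site-key>", "secret": "<secret>"},
            "AutoRestrict": True, "DefaultUserGroups": ["PendingReview"],
            "ShowForgotPassword": True, "EnableForgotPassword": True,
            "ExpireTimeSpan": 30,
            "WhiteListedEmailPatterns": [r"^[^@]+@example\.com$"]}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

Note that the table's own defaults (EnableEmailWhiteList true, WhiteListedEmailPatterns empty) already produce the empty-list warning, so the pattern list is worth reviewing before EnableRegister is switched on.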
