Authentication

Authentication settings control how users log in to your workspace — including the built-in email/password method, lockout rules, password requirements, and optional SSO via OIDC.

Who can manage these settings?

The Authentication page is only accessible to Tenant Admins. Project Admins and Regular Users cannot view or change authentication settings.

Two areas of configuration

Authentication settings are split into two tabs in Admin → Authentication:

• Internal — Login rules (lockout, remember login, password reset) and the Password Policy (length, character requirements). This controls how email/password login behaves.
• External — OIDC/SSO providers. Configure Google, Microsoft, or any generic OIDC identity provider as an alternative login method.

Lockout risk: Internal login + no external providers If you disable internal login and have no external providers configured (or your OIDC provider is misconfigured), all users — including Tenant Admins — will be locked out. Always configure and test an external provider before disabling internal login.