Internal Login
Internal login is TestOrchestrator's built-in email and password authentication method. These settings control lockout behaviour, whether users can reset their own passwords, and whether persistent "remember me" sessions are allowed.
Settings reference
All settings are found on the Internal tab under Admin → Authentication. Changes are saved per-section.
| Setting | Default | Range | What it does |
|---|---|---|---|
| Internal login enabled | On | — | Master toggle for email/password login. When off, the email and password fields are hidden on the login page. |
| Allow password reset | On | — | Shows the "Forgot password?" link on the login page. When off, users cannot self-serve a password reset. |
| Allow remember login | On | — | Shows a "Remember me" checkbox on the login page. When checked by the user, their session persists for 30 days without re-authentication. |
| Max failed attempts | 5 | 3–20 | Number of consecutive incorrect password attempts before the account is temporarily locked. |
| Lockout duration | 15 minutes | 1–1440 min | How long an account stays locked after reaching the failed attempt limit. The lock clears automatically; no admin action is needed. |
Account lockout
When a user exceeds the max failed attempts threshold, their account is locked for the configured lockout duration. The lockout resets automatically — the user simply needs to wait, then try again with the correct password.
Lockout is per-account and does not affect other users. Admins cannot manually clear a lockout; the account unlocks when the timer expires.
Password reset
When password reset is enabled, the login page shows a "Forgot password?" link. The user enters their email address and receives a reset link. The link is single-use and expires after a short period.
"If I disable password reset, how do users recover access to their account?" A Tenant Admin can manually set a new password for the user in Admin → Users → All Users. Edit the user, then use the password change option. The user should be advised to change their password on next login.
Remember login
When enabled, users see a "Remember me" checkbox on the login page. Checking it creates a 30-day persistent session — the user stays logged in across browser restarts without re-entering credentials.
Security trade-off on shared devices A 30-day session on a shared or public computer gives extended access to anyone using that machine. If your workspace is accessed from shared devices, consider disabling "Allow remember login" to require authentication on every browser session.
Disabling internal login
Turning off internal login hides email/password authentication entirely. Users can only log in via an external OIDC provider. This is appropriate for workspaces that enforce SSO.
Lockout risk If you disable internal login and have no enabled external provider, no one can log in — including Tenant Admins. Before disabling internal login, configure and test at least one working external provider. See External Providers.