Security settings

General

• Password type : how user's password is stored in SetherAuth:
  • plain: the password will be stored in cleartext. (default)
  • salt : store the SHA-256 hash
  • sha512-salt : store the SHA-512 hash
  • md5-salt : store the MD5 hash
  • bcrypt : store the bcrypt hash
  • pbkdf2-salt : store PBKDF2 hash. Select this option if you are importing users using the Keycloak syncer.
  • argon2id : store the Argon2ID hash
• Password complexity options : select one or more options to set password complexity requirements for user passwords
• Master password : can be used to log in to all users under your organization, making it convenient for administrators impersonate users to solve technical issues
• Default password : default password for new users, if the user's password is not set

Multi-Factor Authentication

This allows users to configure Multi-Factor Authentication on their Self-Service pages.

You can set which Multi-Factor Authentication methods are available to users under MFA Items

There are some rules available for managing Multi-Factor Authentication items:

• Optional : Users can choose whether to enable this type of Multi-Factor Authentication
• Prompt : If the user does not enable this Multi-Factor Authentication mode, they will be prompted to enable it after logging in to SetherAuth
• Required : Users must enable this Multi-Factor Authentication method.