Identity providers
This section allows you to configure how the system authenticates users. It is intended for application administrators and does not require LDAP or Active Directory expertise.
What is an Identity Provider
An Identity Provider is a source used by the system to read users and verify login credentials.
The system supports:
- one internal Identity Provider (default)
- one or more LDAP / Active Directory Identity Providers
Internal Identity Provider (default)
The system always includes an internal Identity Provider.
Key characteristics:
- it is always available
- it cannot be deleted
- manages users created directly in the system
- applies configured security rules (password, 2FA, etc.)
This provider ensures access even if external LDAP servers are unavailable.
LDAP Identity Providers
In addition to the internal provider, you can configure one or more LDAP / Active Directory servers.
These providers allow you to:
- authenticate corporate users
- centralize account management
- reuse existing infrastructures
Each LDAP server is independent.
Identity Provider list
The main page shows the list of configured Identity Providers.
For each provider you can:
- view the provider type
- edit the configuration
- delete LDAP providers
Add a new LDAP server
- Click Add identity provider
- Select LDAP Identity Provider
- Fill in the required fields
Main parameters
- Name – LDAP server name
- Domain – Reference domain
- Description – Optional description
- Protocol – LDAP or LDAPS
- Port – Connection port
- Server – LDAP server address
- Base DN – Base DN for user search
- Click Add to save.
Edit an LDAP server
- Click the provider in the list
- Update the desired parameters
- Click Edit to save
Changes apply immediately.
Password policies and 2FA (Internal Identity Provider)
For the internal Identity Provider, it is possible to configure password security policies. These settings define the requirements that user passwords must meet.
Password length
| Setting | Description | Default |
|---|---|---|
| Minimum length | Minimum number of characters required | 8 |
| Maximum length | Maximum number of characters allowed | 32767 |
Character requirements
| Setting | Description |
|---|---|
| Require uppercase | At least one uppercase letter (A-Z) |
| Require lowercase | At least one lowercase letter (a-z) |
| Require special character | At least one special character (e.g., !@#$%^&*) |
Password policies are applied:
- when creating new users;
- when existing users change their password.
Two-Factor Authentication (2FA)
In this section, you can also enable or disable Two-Factor Authentication (2FA) for users of the internal Identity Provider.
When 2FA is enabled:
- All users authenticating through this provider must complete 2FA setup on their first login
- A 6-digit code from an authenticator app will be required at each login
Delete an LDAP server
LDAP providers can be deleted if no longer needed.
Frequently asked questions
Can I use multiple LDAP servers?
Yes, multiple LDAP Identity Providers can be configured.
What happens if an LDAP server is unreachable?
Users linked to that provider will not be able to authenticate.
Can I delete the internal Identity Provider?
No, it is always available to ensure administrative access.
Do password policies apply to LDAP users?
No. Password policies configured here apply only to users managed by the internal Identity Provider. LDAP users follow the password policies defined on the external LDAP/Active Directory server.
Can I require 2FA for LDAP users?
Yes. 2FA can be enabled independently for each Identity Provider, including LDAP providers.
What happens if I change password policies?
New password policies apply to new users and when existing users change their password. Existing passwords are not affected until the user changes them.
What are the default password policy values?
By default, the minimum password length is 8 characters and the maximum is 32767 characters. Character requirements (uppercase, lowercase, special) are disabled by default.