
Auth Settings

Manage Auth Settings

Settings for the authentication service cover the following:

  • Session Management: Configure JWT or opaque session tokens. By default, it is set to Opaque Session Tokens.

    • Opaque Session Tokens: A unique identifier that references a session managed by Pangea; it contains no claims about the user. Opaque tokens can have a longer session duration.

    • JSON Web Tokens (JWT): JWTs use an open standard for encoding user and claims information. When using JWTs, a shorter session duration is recommended. To use JWTs safely you must configure a signing key and enable the Vault service.

  • Token Lifetimes: Configure session, JWT, and refresh token lifetimes. The lifetimes determine how long tokens generated by the AuthN service are valid before expiring. You can set the time in days, hours, minutes, or seconds.

    • User Token (Opaque): Opaque session tokens are also called User tokens. These tokens contain no information about the subject and generally have a longer lifetime than JWTs.

      note

      This field shows up as User Token (JWT) when JSON Web Tokens (JWT) is selected under Session Management.

    • Refresh Token: A refresh token contains no information about the subject. It is used only to extend the lifespan of an existing session token or JWT. Refresh tokens are often very long-lived.

  • Signup Settings: Allow signups and manage signup verification settings.

    • Allow Signups: Allows users to sign up and create new accounts. When this feature is disabled, only invited users can create accounts. By default, it is set to Disabled. Use the toggle switch to enable or disable this setting; the change is saved automatically.

    • Captcha Verification: Require users to complete a Captcha to sign up. By default, it is set to Disabled. Use the toggle switch to enable or disable this setting; the change is saved automatically.

    • Email Verification: Require users to verify their email address before the account creation process is complete. By default, it is set to Disabled. Use the toggle switch to enable or disable this setting; the change is saved automatically.

      note

      This setting requires email verification for password accounts, but not for social accounts.

  • IP Allow List: Restrict access to specific IP addresses, ranges, or subnets. By default, it is set to Disabled. Use the toggle switch to enable or disable this setting; the change is saved automatically.

    • Allowed IP Addresses: Click + IP Address to add an allowed IP address. In the Add IP address window, enter the address in the IP address box. Each allowed entry must be a single IP, a CIDR block, or an IP range. The following entry formats are accepted:

      • 192.168.0.1 (single IP)
      • 192.168.0.0/24 (CIDR)
      • 192.168.0.100 - 192.168.0.200 (IP range)

      Click Save to see the entry listed in the Allowed IP Addresses pane. To remove an entry from the Allowed IP Addresses pane, hover your mouse over it and click (⊖).

  • Domain Access List: Allow or deny signup for emails with specific domains. By default, it is set to Disabled.

    Add a domain to the list:

    • Click + Domain Name to add a domain. Click Save to add the domain to the list.

    Remove a domain from the list:

    • Click the minus (-) button to remove a domain.

    Allow access only from specific domains:

    • In the Match Action drop-down menu, select Allow. Click the toggle to set it to Enabled. This restricts sign-up access to only the email domains in the list.

    Deny access from specific domains:

    • In the Match Action drop-down menu, select Deny. Click the toggle to set it to Enabled. This denies sign-up access to all email domains in the list.

    Disable the Domain Access List:

    • Click the toggle to set it to Disabled. This allows email sign-up access from any domain.

  • Define Legal Agreements and Disclaimers: Define legal agreements that must be presented to and accepted by users, and add disclaimer content to the login and signup pages.

    • End User License Agreement: Require users to sign an End User License Agreement when creating an account or when updates to the EULA are published.

    • Create a new EULA: Enter the EULA text that users will be required to sign. When an EULA already exists, clicking its name opens a dialog to modify the agreement. Click the toggle to require users to sign the EULA.
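As an added example (not Pangea's own code), the following shows how the three IP Allow List entry formats described above (single IP, CIDR, dash-separated range) can be normalised into networks and checked against a client address using Python's standard ipaddress module. The sample list is constructed from the entries on this page, and a disabled list allows everything, matching the console default.

```python
import ipaddress

# Constructed sample allow list using the three entry forms the console
# accepts: a single IP, a CIDR block, and a dash-separated IP range.
ALLOW_LIST = [
    "192.168.0.1",
    "192.168.0.0/24",
    "192.168.0.100 - 192.168.0.200",
]


def parse_entry(entry):
    """Convert one allow-list entry into a list of ip_network objects."""
    entry = entry.strip()
    if "-" in entry:
        # Range form: split on the dash and summarize into CIDR blocks.
        start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if start.version != end.version or start > end:
            raise ValueError(f"invalid IP range: {entry!r}")
        return list(ipaddress.summarize_address_range(start, end))
    # Single IP becomes a /32 (or /128); CIDR is taken as written.
    # strict=False accepts host bits set inside the CIDR, e.g. 192.168.0.1/24.
    return [ipaddress.ip_network(entry, strict=False)]


def build_allow_list(entries):
    """Flatten every entry into one list of networks to match against."""
    networks = []
    for entry in entries:
        networks.extend(parse_entry(entry))
    return networks


def is_allowed(client_ip, networks, enabled=True):
    """Return True if the client address matches an allowed network.

    When the IP Allow List setting is disabled (the default), no
    restriction applies and every address is allowed.
    """
    if not enabled:
        return True
    addr = ipaddress.ip_address(client_ip)
    # Membership across IPv4/IPv6 versions is simply False, never an error.
    return any(addr in net for net in networks)


if __name__ == "__main__":
    nets = build_allow_list(ALLOW_LIST)
    for ip in ("192.168.0.1", "192.168.0.150", "192.168.1.5"):
        print(ip, "allowed" if is_allowed(ip, nets) else "denied")
```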
