The Authentication module provides essential security settings to control user access and authentication behavior within the application. This module allows administrators to define login policies, account approval processes, registration rules, and password management settings to enhance security and user experience.

Accessing the Module

This module can be accessed by navigating to Config → Authentication.

Key Configuration Options:

1. Login Security Settings

• Login Throttle Max Attempt: Defines the maximum number of failed login attempts before temporarily locking the user account.
• Login Throttle Lock Timeout (Minutes): Specifies the duration (in minutes) for which a user account remains locked after exceeding the max login attempts.

2. Password Management

• Reset Password: Allows users to reset their passwords if they forget them.
• Reset Password Token Lifetime: Defines the validity period (in minutes) of the password reset token before it expires.

3. Registration & Account Approval

• Registration: Enables or disables public user registration. If enabled, any user can sign up and access the application.
• Account Approval: If enabled, new user registrations require admin approval before they can log in.
• Email Verification: Requires users to verify their email address before accessing the system.
• Show Terms on Registration: Displays terms and conditions during the registration process, ensuring users agree before signing up.

4. Authentication Methods