CIAM Settings
This page outlines the configurable settings in CIAM.
‌CIAM settings can only be managed by users with the SuperAdmin role. Settings within CIAM are sorted in three categories:
  1. 1.
    Account settings - managing everything related to user accounts
  2. 2.
    Styling settings - determining the styling of the dashboard
  3. 3.
    Email Template settings
The following account related settings can be configured:
  • Login method: Change the login method to allow users to login with either username, email or both.
  • Maximum failed login attempts: Specifies the maximum allowed number of failed login attempts before blocking the user.
  • Require 2FA for admins: Whether a two-factor authentication login is required for admin users.
  • Require 2FA for users: Whether a two-factor authentication login is required for regular users.
  • Has email change permission: Whether the users are allowed to change their email address or not.
Password related settings:
  • Minimum password length: The minimum number or characters a password should have. Minimum allowed is 8 characters.
  • Minimum number of digits: The minimum number of digits that a password should have.
  • Minimum number of uppercase letters: The minimum number of uppercase letters that a password should have.
  • Minimum number of lowercase letters: The minimum number of lowercase letters that a password should have.
  • Minimum number of special characters: The minimum number of special characters that a password should have.
  • Number of previous passwords that may not be used again: The number of previous passwords that the user's new password cannot match.
  • Allow common password: Allow password that are on the 'common password list'. For security reasons, it is recommended to not check this option.
Session / Inactive users related settings:
  • Timeout for blocked user: Specifies the number of seconds that the user will be blocked for after the maximum failed login attempts has been reached.
  • Maximum inactive days: Specifies the maximum number of days for the user not to have a successful login before the user account will be deactivated.
  • Maximum deactivated days: Specifies the maximum number of days for the user to have a deactivated account before the user account will be deleted (if the previous option was selected).
  • Maximum session duration in minutes: The maximum number of minutes a session can last before the user has to log in again.
  • Maximum days to trust device: Specifies the number of days for which OTP (2FA) will be bypassed from a trusted device. If this value is 0, the function will be disabled.
  • Delete user on organisation user delete: Deletes the user account if the deleted organisation user is the only account linked to this user.
  • Delete deactivated user: Deletes the user account if the maximum deactivated days limit is reached.
Inviting new users settings
  • Account creation redirect URL: The URL that the user will be redirected to after accepting an invitation.
  • Maximum days before invitation expires: The number of days that the link in the invitation email is valid for.
  • Sender's name for automated emails: The 'from' name on the automated emails.
Custom attributes settings
  • Custom attribute to be displayed on the 'Select your organisation' screen: This attribute is added behind the organisation name on the select organisation screen that is shown during login when a user belongs to multiple organisations.

Email Template settings

The invitation email and reset password email from CIAM can be configured in this section. Both the subject and the content of the emails can be changed to match the wished from the service provider. The content is HTML with the possibility of inline styling. Plain text emails are also possible.
The following parameters can be used in the content of the invitation email:
  • {{email_address}} for the email address of the recipient.
  • {{invitation_url}} for the link to accept the invitation.
  • {{invited_by}} for the full name of the user who is sending the invitation.
  • {{organization_name}} for the name of the organisation that the user is invited to.
  • {{roles}} for the recipient's roles in the organisation.
  • {{site_name}} for the name of the site.
The following parameters can be used in the content of the reset password email:
  • {{name_of_user}} for the name of the user who is receiving the email.
  • {{password_reset_url}} for the link to the password reset page.
  • {{requested_by}} for the name of the person who is requesting for password reset.
  • {{site_name}} for the name of the site
Last modified 7d ago