External Authentication Providers

Connect identity providers for single sign-on. Users are auto-provisioned on first login with default level "researcher". Configure group/role mapping to assign levels automatically.

OIDC Providers:

Keycloak
Auth0
Okta
Azure AD
Google

LDAP Providers:

Active Directory
OpenLDAP

Provider	Type	Endpoint	Status	Actions
Loading...
No external auth providers configured Users log in with local accounts only

Credential Security

Configure security policies for API tokens and provider credentials. Stale credentials are flagged in the system status.

Rotation Threshold (days)

Credentials older than this are flagged as stale

Early Warning

Show warnings before expiry

Warning at %

Warn when this % of threshold has passed

Login Information

Login URL: /login
Logout URL: /logout
API Key Header: X-API-Key: st_...

Session Duration: 24 hours (30 days with "remember me")
API Key Format: st_ prefix + 32 random chars