General settings#

On the tab General settings of the section Authentication you can set:

  • Default authentication level: specify First factor to require users to verify the first authentication factor only (except for users whose settings include the need to verify the second factor). Specify First and second factor to require users to verify the second authentication factor in addition to the first factor.

  • Session duration parameters:

    • Session inactivity timeout: specify time in seconds within which a user session will remain active despite of the user inactivity (absence of transitions between different applications).

    • Maximal session timeout: specify maximum time in seconds within which a user session will remain active (regardless of whether there is any user action).

      Attention

      The duration of a user’s SSO session can also be affected by the blc cookie validity period on the Blitz Identity Provider side. By default, the blc cookie validity period is 10800 seconds. If the maximum session duration exceeds this value, the user may be asked to log in again as soon as the cookie expires, even with an active SSO session. In this case, make changes to the configuration file.

  • Logout screen display time (in seconds): time in seconds that indicates how long the logout screen will be shown to a user before they are automatically redirected to the application transition page after the logout.

  • Configure account memorization:

    • Account memorization is enabled by default. Disable it if necessary.

    • Account memorization: account memorization mode. Specify Memorize one account to make each log-in by a new account in the browser overwrite the memorized log-in of the previous account or :bdg-primary: Memorize all accounts so that each log-in by a new account adds another account to the list of memorized accounts in the browser.

    • Displayed username: specify how to form a username displayed on the login page as a regular expression, for example: ${family_name-} ${given_name-}. This regular expression allows displaying the last name and first name of the user stored in the family_name and given_name attributes.

    • Displayed user ID: specify how to form an account ID displayed as the second line on the login page, as a regular expression, for example: ${email-$phone_number}. This regular expression allows to display one of the contacts stored in the email or phone_number attributes (if both are present, email is displayed). You can use value masking when customizing. For example, the ${phone_number&maskInMiddle(3,3)} rule will display the middle numbers of a phone number as *.

    • Show avatar: specify whether to display a user avatar on the login page.