# Authentication methods

> Configure and manage authentication methods for your Holistics account

## Introduction

As an administrator, you can configure multiple sign-in methods for your users. Holistics supports:

- [Password-based Authentication](#password-based-authentication)
- [Google Sign-In](#google-sign-in)
- [Single Sign On (SSO)](#single-sign-on-sso)

You can enable or disable these methods based on your organization's security requirements.

## Login methods

### Password-based authentication

This method allows your users to authenticate using an email-password pair. When enabled, users will see the **Sign in with Email** option on the Sign In page.

**Password Requirements**: To maintain account security, you can enforce these password requirements:

- Minimum 8 characters
- Combination of lowercase and uppercase letters
- At least 1 number
- Cannot contain company name or email address
- Must not be too weak

### Google sign-in

You can enable Google Sign-In to allow your users to authenticate using their Google accounts. When enabled, users will see the **Sign In with Google** option, which opens a pop-up for Google credentials.

### Single sign on (SSO)

:::info Note
This feature is only available in the [**Enterprise** plan](https://www.holistics.io/pricing/).
:::

You can implement SSO to provide a secure, streamlined authentication process for your organization. For detailed configuration steps, visit [SSO Authentication](/docs/authentication/sso).

## Configure login methods

You can control which authentication methods are available to your users:

1. Navigate to **Settings** > **General Settings** > **Security** > **Login Mechanism**.
2. Select the allowed login methods from the dropdown box.

## Two-factor authentication (2FA)

You can enable 2FA for password-based authentication. For SSO and Google authentication, 2FA settings are managed through their respective identity providers.

For more details, see [Two-factor Authentication](/docs/authentication/2fa).

## FAQs

### Can users have multiple active sessions?

A: Yes, users can maintain multiple active sessions simultaneously without restrictions.

### What is the session timeout policy?

A: For security purposes, sessions automatically time out after 30 minutes of inactivity. Users will be logged out after this period. Consider informing your users to save their work or refresh their session during extended periods of inactivity to prevent data loss.