Skip to main content

Authentication Methods

Introduction

As an administrator, you can configure multiple sign-in methods for your users. Holistics supports:

You can enable or disable these methods based on your organization's security requirements.

Login Methods

Password-based Authentication

This method allows your users to authenticate using an email-password pair. When enabled, users will see the Sign in with Email option on the Sign In page.



Password Requirements: To maintain account security, you can enforce these password requirements:

  • Minimum 8 characters
  • Combination of lowercase and uppercase letters
  • At least 1 number
  • Cannot contain company name or email address
  • Must not be too weak

Google Sign-In

You can enable Google Sign-In to allow your users to authenticate using their Google accounts. When enabled, users will see the Sign In with Google option, which opens a pop-up for Google credentials.


Single Sign On (SSO)

Note

This feature is only available in Enterprise plan.

You can implement SSO to provide a secure, streamlined authentication process for your organization. For detailed configuration steps, visit SSO Authentication.

Configure Login Methods

You can control which authentication methods are available to your users:

  1. Navigate to settings Settings > General Settings > Security > Login Mechanism
  2. Select the allowed login methods from the dropdown box.
Single Sign On

Two-Factor Authentication (2FA)

You can enable 2FA for password-based authentication. For SSO and Google authentication, 2FA settings are managed through their respective identity providers.

For more details, see Two-factor Authentication.

FAQs

Can users have multiple active sessions?

A: Yes, users can maintain multiple active sessions simultaneously without restrictions.

What is the session timeout policy?

A: For security purposes, sessions automatically timeout after 30 minutes of inactivity. Users will be logged out after this period. Consider informing your users to save their work or refresh their session during extended periods of inactivity to prevent data loss.


Let us know what you think about this document :)