Authentication
Authentication settings let Tenant Admins manage how their workspace handles sign-in, including optional SSO via OIDC.
Sign-in is now passwordless TestOrchestrator no longer uses passwords. Everyone signs in with an email magic link / one-time code, or with Google or GitHub — see Log In. As a result, the Internal Login and Password Policy controls below govern a password-based login method that is no longer presented to users. They remain in the admin UI but do not affect how people sign in today. Workspace SSO (External Providers) is unaffected.
Who can manage these settings?
The Authentication page is only accessible to Tenant Admins. Project Admins and Regular Users cannot view or change authentication settings.
Two tabs
Authentication settings are split into two tabs in Admin → Authentication:
- Internal — Legacy email/password login rules (lockout, remember login, password reset) and the Password Policy (length, character requirements). These controls are retained in the UI but no longer govern how users sign in, because password login has been replaced by passwordless sign-in.
- External — OIDC/SSO providers. Configure Google, Microsoft, or any generic OIDC identity provider as a workspace single sign-on method.
Internal Login
Legacy email/password login controls — lockout, password reset, and remember login. No longer used for sign-in.
Password Policy
Legacy length and character requirements for passwords. No longer enforced, since sign-in is passwordless.
External Providers
Add OIDC/SSO login methods — Google, Microsoft, or a generic OIDC identity provider.