Authentication & Identity Federation
Last modified on June 5, 2024
General Security Settings
Timeouts
StrongDM allows customers to define timeouts for Client session length and Client and AdminUI idle periods to suit the customer’s specific needs.
Brute Force Attacks
There are countermeasures in place to combat brute force account attacks. A user’s account will be automatically locked after five failed authentication attempts. The lock is removed after five minutes, after which the user can attempt to log in again. This automatic lockout period greatly limits the efficacy of a brute force attack.
Multi-factor authentication
StrongDM has multiple options for the enforcement of multi-factor authentication on StrongDM client sessions, which can be found in the MFA section.
Native Authentication
Password requirements
When using StrongDM’s native authentication, customer administrators can enforce minimum password requirements for all users.
Password Hashing
All user passwords are hashed using the bcrypt algorithm with at least 13 rounds (a bcrypt cost factor of 13, i.e. 2^13 key-expansion iterations). Passwords are never stored or logged in plain text.
StrongDM regularly revisits the chosen hashing algorithm and number of rounds to ensure we are adhering to industry best practices.
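A stored-hash audit in the spirit of this policy, added here as an example and not StrongDM's own code: it parses bcrypt strings in modular-crypt format and flags any record whose cost factor is below 13 or which is not a bcrypt hash at all. The user records and hash strings are constructed samples; the field names are assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Policy from the text above: bcrypt with a cost factor of at least 13.
MIN_BCRYPT_COST = 13

# bcrypt modular-crypt format: $2a$/$2b$/$2y$, two-digit cost, 22-char salt,
# 31-char digest; salt and digest use bcrypt's own base64 alphabet (./A-Za-z0-9).
_BCRYPT_RE = re.compile(r"^\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")


@dataclass(frozen=True)
class BcryptInfo:
    variant: str   # "2a", "2b" or "2y"
    cost: int      # log2 of the key-expansion iteration count
    compliant: bool


def parse_bcrypt(hash_str: str) -> BcryptInfo:
    """Parse a bcrypt hash string; raise ValueError if it is not well-formed bcrypt."""
    m = _BCRYPT_RE.match(hash_str)
    if not m:
        raise ValueError("not a bcrypt modular-crypt string")
    variant, cost = m.group(1), int(m.group(2))
    if not 4 <= cost <= 31:  # bcrypt only defines costs in this range
        raise ValueError(f"cost {cost} outside bcrypt's valid range 4..31")
    return BcryptInfo(variant, cost, cost >= MIN_BCRYPT_COST)


def audit(records: dict[str, str]) -> dict[str, str]:
    """Return username -> finding for every record that is not a compliant bcrypt hash."""
    findings: dict[str, str] = {}
    for user, stored in records.items():
        try:
            info = parse_bcrypt(stored)
        except ValueError as exc:
            findings[user] = f"not bcrypt ({exc})"
            continue
        if not info.compliant:
            findings[user] = f"bcrypt cost {info.cost} below minimum {MIN_BCRYPT_COST}"
    return findings


# Constructed sample records (synthetic salt/digest characters, not real hashes).
SAMPLE_HASHES = {
    "alice": "$2b$13$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234",  # compliant
    "bob":   "$2a$10$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234",  # cost too low
    "carol": "$1$saltsalt$NOTBCRYPT",                                         # md5crypt prefix
    "dave":  "$2b$14$tooshortsalt",                                           # malformed
}

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_HASHES).items():
        print(f"{user}: {finding}")
```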
Identity Federation
StrongDM allows customers to federate with a variety of Identity Providers to manage user identity and authentication.
OIDC SSO
In addition to offering integrations with a variety of SSO providers, StrongDM also allows the use of any OpenID Connect (OIDC)-compliant SSO service. Support for OIDC in general opens the door to many more providers than StrongDM would otherwise create and maintain specific integrations for, while not compromising on security.
User Provisioning
StrongDM integrates with Okta and Microsoft Entra ID (formerly Azure AD) to enable SCIM-based user provisioning, allowing customers to manage their users within their centralized Identity Provider.