Security requirements
Use security requirements to define login methods, two-factor authentication settings, and password requirements. You can configure security requirements from your Studio: go to Platform > Security and select the Security requirements tab.
Once you have configured one or more security requirements, add them to security profiles so you can apply them to your application. For example, you can combine multiple password requirements into a single password policy and apply this to all users or to users in a particular role.
Requirement | Description |
---|---|
Login methods | |
Email & Password | Enabled by default. |
Microsoft (both for Azure AD and personal live.com accounts) | Enabled by default. |
Enabled by default. | |
Currently unavailable. | |
EindhovenAD / NedstruikAD | Customer-specific AD integration. |
eRecognition | |
DigiD | Only available for a few municipalities. |
Two factor authentication (2FA) | |
Two factor authentication needed | Enable two factor authentication. Off by default. |
Enabled by default. | |
SMS | When enabled, users are prompted to provide a phone number on first login. A time-based one-time passcode (TOTP) is sent to the phone number provided on each login attempt. |
App | When enabled, users are shown a QR code on first login and prompted to configure two-factor authentication via their chosen app. To log in, users must enter the time-sensitive code provided by the app. |
Password requirements | |
Password length | Minimum length of the password. Enabled and set to 10 by default. |
Password complexity | Complexity on a scale from 1 to 100, as defined by zxcvbn. Enabled and set to 75 by default. |
Password minimal lowercase | Minimum number of lowercase characters. |
Password minimal upper case | Minimum number of uppercase characters. |
Password minimal numbers | Minimum number of numeric characters (digits). |
Password minimal special characters | Minimum number of special characters. |
Password maximum sequential characters | Maximum number of sequential characters. |
Password age | Number of days before a new password must be chosen. |
Password history | The number of previously used passwords that are remembered, also known as the historical passwords list. A new password may not match any password in this list. Enabled and set to 10 by default. Does not apply to user invitations or when a user sets their password for the first time. |