Page Comparison

Although each realm can have variations in what information we collect., or what authentication policy process is setup, there is a minimum set of recommendations that should be follow in each realm setup.

User registration fields

Information not collected:

• Country: not necessary, as the user will be on a real that

...

Guidelines

In general, we will setup Keycloak mirroring PSI’s authentication policy guidelines which can be summarised as detailed below.

PSI’s Password

...

guidelines

Status
colour Green title implemented june 2023

• 8 characters or more

• Never expires

• must include

  • one lower case,

  • one upper case,

    one number and

  • one special character

• Not user name

• Not email

PSI' 2FA

Status
colour Green title implemented June 2023

• Enrolment via FreeOTP, Google or Microsoft authenticator

• valid for 60 days per application/device

  • Example: if a user authenticates Firefox on a given laptop, and then uses Google Chrome on the same device, the user will need to authenticate again.

2FA optional

Status
title NOT IMPLEMENTED

• Geo-limit: if IP is > 500 miles from previous login, request 2FA

Email verification

Status
colour Green title implemented June 2023

If a user list is imported, emails can be marked as verified.

If users self-register, they are expected to verify their email by following the link send at the time of account creation.

Phone Verification

Status
title NOT IMPLEMENTED

If a user list is imported, phones can be marked as verified.

...