Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Version History

« Previous Version 2 Next »

In general, we will setup keycloak mirroring PSI’s authentication policy which can be summarized as follow:

PSI’s Password policy

  • 8 characters or more

  • Never expires

  • must include

    • one lower case,

    • one upper case,

      one number and

    • one special character

  • Not user name

  • Not email

PSI' 2FA

  • valid for 30 days per application/ device

  • Geo-limit: if IP is > 500 miles from previous login, request 2FA

Additionally, PSI is due to implement OTP phone numbers for verification.

Keycloak policy - as implemented

Jose Garcia Munoz Daniel Castelao

  • No labels