Authentication & Identity Federation
Last modified on February 1, 2023
General Security Settings
StrongDM allows customers to define timeouts for Client session length and Client and AdminUI idle periods to suit the customer’s specific needs.
Brute Force Attacks
There are countermeasures in place to combat brute force account attacks. A user’s account will be automatically locked after five failed authentication attempts. The lock is removed after five minutes, after which the user can attempt to log in again. This automatic lockout period greatly limits the efficacy of a brute force attack.
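As an added example (not StrongDM's code), here is a minimal lockout tracker that implements the policy just described: five failed attempts lock the account, the lock lifts on its own after five minutes, and a successful login resets the counter. The clock is passed in so the behaviour can be exercised deterministically; `LockoutPolicy` and its method names are assumptions, not StrongDM APIs.

```python
# Added example, not StrongDM's code: models the lockout policy described above.
from dataclasses import dataclass, field
from typing import Callable, Dict

MAX_FAILURES = 5        # failed attempts tolerated before the account locks
LOCK_SECONDS = 5 * 60   # the lock is removed automatically after five minutes


@dataclass
class _AccountState:
    failures: int = 0          # consecutive failures since last success/unlock
    locked_until: float = 0.0  # epoch seconds; 0.0 means not locked


@dataclass
class LockoutPolicy:
    max_failures: int = MAX_FAILURES
    lock_seconds: int = LOCK_SECONDS
    _state: Dict[str, _AccountState] = field(default_factory=dict)

    def is_locked(self, user: str, now: float) -> bool:
        """True while the lock is in force; an expired lock is cleared here."""
        st = self._state.get(user)
        if st is None or st.locked_until == 0.0:
            return False
        if now >= st.locked_until:
            del self._state[user]  # lock elapsed: fresh budget of attempts
            return False
        return True

    def attempt(self, user: str, now: float, verify: Callable[[], bool]) -> str:
        """One login attempt; returns 'locked', 'allowed' or 'rejected'.
        `verify` is only called when the account is not locked, so the lock
        stops credential checking entirely rather than just hiding the result."""
        if self.is_locked(user, now):
            return "locked"
        if verify():
            self._state.pop(user, None)  # success resets the failure counter
            return "allowed"
        st = self._state.setdefault(user, _AccountState())
        st.failures += 1
        if st.failures >= self.max_failures:
            st.locked_until = now + self.lock_seconds
            return "locked"  # worth emitting a security event here for SOC review
        return "rejected"

    def seconds_until_unlock(self, user: str, now: float) -> float:
        """Remaining lock time in seconds, 0.0 if the account is not locked."""
        return self._state[user].locked_until - now if self.is_locked(user, now) else 0.0
```

Note that a correct password submitted during the lock window is still refused, which is what prevents the lock from acting as an oracle.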
StrongDM can integrate with Duo Security to enforce multi-factor authentication on all SDM Client sessions. See Set up MFA with Duo for details.
When using StrongDM’s native authentication, customer administrators can enforce minimum password requirements for all users.
All user passwords are hashed using bcrypt with at least 13 rounds. Passwords are never stored or logged in plain text.
StrongDM regularly revisits the chosen hashing algorithm and number of rounds to ensure we are adhering to industry best practices.
OIDC Federation & SSO
StrongDM allows customers to federate with a variety of Identity Providers to manage user identity and authentication.
In addition to offering integrations with a variety of SSO providers, StrongDM also allows the use of any OpenID Connect (OIDC)-compliant SSO service. Generic OIDC support opens the door to many more providers than StrongDM could otherwise build and maintain dedicated integrations for, without compromising on security.
StrongDM integrates with Okta and Azure AD to enable SCIM-based user provisioning, allowing customers to manage their users within their centralized Identity Provider.