- New User Accounts
- Enables users to create their own account via web interface.
- Lost Password
- Activates lost password feature for users. If "no" is selected here, the password can only be changed via the admin interface.
Hint
Normally, especially when using LDAP, you might want to consider to disable both above options, because you'd normally do that via LDAP.
This section allows you to define password requirements for the local user accounts.
Note
Zammad does not allow you to change your LDAP password, instead, it will set a password in it's local database which might confuse your users. This will be addressed in the future by #1169 and #2389.
You can choose a value between 4 and 20. This defines how often a login to a user account may fail until Zammad will lock it. Please note that via UI the only way to unlock a user account is to change the password (either as admin or via password reset function (if enabled)). The default value is 10.
You can add complexity into passwords by enforcing at least 2 upper and lower case characters. The default value is no.
This defines the minimum password length required (from 4 to 20). The default value is 6.
This enforces your users to at least use one digit with his password. The default value is yes.
Third party authentication is a great way to help your users to login to Zammad easier. If the account is yet unknown, Zammad will create a new user automatically, without the user needed to interact (e.g. type in his name). Another big advantage of this feature is that your user doesn't need another password to remember.
In general there's two ways two possible ways to handle how Zammad deals with users it already knows (from whatever source) when you try to authenticate against a third-party application. By default, Zammad will not automatically link "unknown" authentication providers to existing accounts. This means that the user has to manually link authentication providers to their accounts (for more about this consult the user documentation).
Sometimes, this doesn't come in handy, as this also means if you're trying to authenticate against a (yet) unknown third party authentication, Zammad will throw an error telling you, that the E-Mail-Address is already in use. If you want to ensure that no matter if your user links his account or not, you might want to enable "Automatic account link on initial logon"
Hint
We're currently missing the following documentations for login providers:
- Generic OAuth2
.. toctree:: :maxdepth: 1 security-thirdparty/facebook security-thirdparty/github security-thirdparty/gitlab security-thirdparty/google security-thirdparty/microsoft security-thirdparty/twitter