Supported Authentication Methods

This article details the authentication methods that are configurable within Templafy.

Email Authentication

Overview

• When email authentication is used, Templafy acts as the Identity Provider.
• The first time a user signs into Templafy, they will receive an email with a verification link. Once the user clicks on the verification link, they will be redirected to the Templafy Web App and asked to create a password.
  • Users are then able to sign into Templafy using their email address and password.

Details

• Security: Templafy only stores hashed and salted (encrypted) values of passwords.
• Lockout Mechanism: Templafy prevents brute force attacks by locking the attempted email address for 5 seconds + a random amount after 2 unsuccessful login attempts. After 10 unsuccessful retries, the attempted email address is blocked for 5 minutes.
• Password Reset: Can only be done via the registered email address for the account, to prevent theft of credentials.
• User Personal Data: User first and last name are defined when the user creates an account and are stored in our user management log with the hashed password, the tenant the user belongs to, and the chosen authentication method (email).
• Multifactor Authentication: Templafy does not support MFA for email authentication.
• Token: The refresh token that is issued upon a successful authentication is valid for 14 days.
• Logs: An owner on the Templafy tenant can review logins that have been performed with email authentication.

Single Sign-On (SSO) Authentication

Supported Protocols

• SAML2
• OpenID Connect

Supported Identity Providers

IdP specific implementation guides can be found here.

• Microsoft Entra ID
• ADFS
• OKTA
• OneLogin
• Google Workspace
• Ping Federate
• CA Single-Sign On (formerly CA SiteMinder)