> ## Documentation Index
> Fetch the complete documentation index at: https://docs.noxus.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Identity management and authentication configuration in Noxus

Noxus provides a flexible and secure authentication system designed for enterprise environments. While **Auth0** is utilized as the default underlying identity provider, the platform's behavior is managed through a comprehensive `auth_config` system.

## Supported Connections

Noxus supports multiple authentication methods, allowing you to mix and match providers based on your security requirements.

<CardGroup cols={2}>
  <Card title="Social & OAuth" icon="share-nodes">
    Native support for **Google OAuth2**, **GitHub**, and **Microsoft** (Windows Live) logins.
  </Card>

  <Card title="Enterprise SSO" icon="building-shield">
    Robust **SAML** and **SAMLP** integration for seamless federation with corporate identity providers.
  </Card>
</CardGroup>

***

## Configuration Surface (`auth_config`)

The platform's authentication behavior is governed by a central configuration schema that controls everything from branding to complex attribute mapping.

### Whitelabeling & UI

Customize the login experience to match your corporate identity:

* **Logo & Size**: Configure custom `whitelabel_logo` and adjust its display size.
* **Branding**: Set a custom `whitelabel_name` and `whitelabel_primary_color`.

### Security & Tenant Policies

* **Domain Restriction**: Use `allowed_domains` or `allowed_email_pattern` to restrict access to specific corporate domains.
* **Email Verification**: Enforce `force_email_verification` for all new signups.
* **MFA**: Globally require multi-factor authentication via `require_mfa`.
* **Session Control**: Define `session_duration_hours` to manage login persistence.

### Workspace & Onboarding

* **Autojoin**: Set `autojoin_tenant_id` to automatically place new users (from any signup path — password, OAuth, SAML/SSO) into a specific tenant rather than prompting them to create one. Required when SAML attribute mapping references tenant roles or workspaces.
* **Personal Workspaces**: Toggle `allow_personal_workspace` to enable a per-user "personal workspace" option for invites and SAML attribute mappings. When on, the Add User dialog exposes a "Create a personal workspace" toggle, and "Personal Workspace" becomes a valid choice inside SAML `default_workspaces` / rule workspaces.
* **Onboarding**: Use `skip_onboarding` for a more streamlined entry for experienced users.

***

## SAML Attribute Mapping

For enterprise deployments using SAML, Noxus offers an advanced **Attribute Mapping** engine. This allows you to autonomously manage user permissions based on their identity provider groups or attributes.

### Mapping Rules

You can define rules that match specific SAML attributes (e.g., `groups`, `department`, `role`) using modes like `exact`, `contains`, or `regex`.

### Automated Provisioning

When a rule matches, Noxus can:

* **Assign Workspaces**: Automatically add users to specific workspaces with predefined roles (Admin, Editor, Reader).
* **Create Workspaces**: Dynamically create workspaces on-the-fly if they don't exist.
* **Set Tenant Roles**: Assign the user's global role within the organization.
* **Default Workspaces**: Set a specific workspace as the user's default landing environment.

***

## Redirect Management

Noxus supports sophisticated redirect logic to handle complex multi-domain environments. You can define a `redirect_map` that routes users to different URLs based on their login domain, including support for wildcard patterns (e.g., `*.example.com`).

<CardGroup cols={2}>
  <Card title="Authorization" icon="lock" href="/deployment/security/authorization">
    Learn how to manage permissions after a user is authenticated.
  </Card>

  <Card title="Secrets Management" icon="key" href="/deployment/configuration/secrets">
    See how to securely store your authentication credentials.
  </Card>
</CardGroup>
