Frequently Asked Questions (FAQ)

How long does it take before I get logged out?

The default session idle time is 3 days. This means that if you are inactive for 3 days, you will be logged out automatically.

This can be changed in the Keycloak realm settings in the Sessions tab.

Keycloak has internal 2 minute sychronisation buffer time so it’s actually the idle time plus 2 minutes.

Password Complexity Requirements

By default password must fulfill following:

• Minimum Length: 8

• Maximum Length: 64

• Lowercase Characters: At least 1

• Uppercase Characters: At least 1

• Digits: At least 1

• Special characters: At least 1

• Must be different than last 5 passwords used

• Can’t be the same as username

• Can’t be the same as email

Login timeout

If user tries to log in with incorrect password 3 times in succession in 1 hour period, he will be locked out. At first, the lockout lasts 1 minute. With each following lockout this time increases by 30 seconds up to 1 hour.

The lockout time resets after 1 hour, after last failed login attempt.

Attempting to log in multiple times in the span of 500 milliseconds will also trigger the lockout.

Login Page inactive timeout

The login session will timeout after keeping the Login dialog open for more than 5 minutes. This will results in login session timeout and the new login session will start.

SSO

DW supports single sign on integration using OIDC. Integration with following identity providers is supported:

• Okta

• Azure Entra ID

MFA

DW Supports MFA authentication using OTP. MFA can be set either as optional or mandatory.

Supported authenticators:

• Google Authenticator (Apple, Android)

• Microsoft Authenticator (Apple, Android)