Authentication and access controls
This guide covers login security, MFA, SSO, and API access controls.
Set login methods
OXVO supports configurable login methods based on your workspace policy and enabled features.
Recommended baseline:
- Use one primary IdP or a verified email/password policy.
- Enforce strong password requirements in your identity policy.
Enable multi-factor authentication (MFA)
When the MFA policy is enabled, users can enroll and verify an OTP-based second factor.
Recommended rollout:
- Pilot with admins.
- Expand to all privileged users.
- Enforce for all users based on policy.
Open security settings directly: Open Security Settings
Set up SAML SSO (if enabled)
SAML settings typically require:
- SSO URL
- IdP entity ID
- X509 certificate
- Optional role mappings
Both workspace-level SSO enablement and account-level feature access may be required.
API Access Tokens
User API integrations authenticate with the api_access_token header.
Best practices:
- Use dedicated service users where possible.
- Rotate tokens regularly.
- Scope usage by workspace permissions.
Profile settings page: Open Profile Settings
Warning: Never share API access tokens in chat, tickets, or screenshots.
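A scrubber for the warning above, as an added example (not OXVO's own code): it redacts api_access_token values from text before that text is pasted into a ticket or chat. The redact_tokens helper, the token values and the host are constructed for illustration, and it assumes tokens contain no whitespace or quote characters.

```python
import re

PLACEHOLDER = "[REDACTED]"

# Matches the header name from this guide followed by a value, in the forms
# that usually end up pasted into tickets: raw header lines, curl -H
# arguments, JSON bodies, and key=value pairs.
_TOKEN_RE = re.compile(
    r"""(?P<name>api_access_token)      # header / field name (any case)
        (?P<sep>["']?\s*[:=]\s*["']?)   # separator, optional quotes
        (?P<value>[^\s"'&,;}]+)         # the token itself (assumed format)
    """,
    re.IGNORECASE | re.VERBOSE,
)


def redact_tokens(text):
    """Return (scrubbed_text, number_of_token_values_removed)."""
    removed = 0

    def _scrub(match):
        nonlocal removed
        if match.group("value") == PLACEHOLDER:
            return match.group(0)  # already scrubbed, leave untouched
        removed += 1
        return match.group("name") + match.group("sep") + PLACEHOLDER

    return _TOKEN_RE.sub(_scrub, text), removed


# Constructed sample: the token values and host below are made up.
SAMPLE = """\
$ curl -H "api_access_token: constructedTokenAAA111" https://oxvo.example.invalid/api
> Api_Access_Token: constructedTokenBBB222
{"api_access_token": "constructedTokenCCC333", "user": "svc-reporting"}
retry url: /export?api_access_token=constructedTokenDDD444&page=2
"""

if __name__ == "__main__":
    clean, count = redact_tokens(SAMPLE)
    print(clean)
    print(f"{count} token value(s) redacted")
```

A non-zero count means the original text carried a live token, so rotate that token if the unscrubbed text was already shared.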