Local Authentication
By default, Firezone will use local email / password for authenticating users to the Firezone portal. Administrators can add users and assign their passwords on the /users page. See Add users for more details.
Although local authentication is quick and easy to get started with, you can limit attack surface by disabling local authentication altogether. See our OIDC or SAML guides for details. For production deployments it's usually a good idea to disable local authentication and enforce MFA through your identity provider.
If you choose to keep local authentication enabled, we recommend enabling TOTP-based MFA for any accounts that use the local authentication method.
Disabling local authentication
Local authentication can be enabled or disabled from the /settings/security page or via the REST API. If you've disabled local authentication and can no longer authenticate to the portal to re-enable it, see our troubleshooting guide for re-enabling local authentication from the CLI.