Category
Blog: Configuration
All blog posts related to Configuration.

Multi-Tenancy Setup Guide

Configure multi-tenant authentication for SaaS applications with proper isolation and customization.

Tenant Configuration

{
  "tenant": {
    "id": "tenant-123",
    "name": "Acme Corp",
    "domain": "acme.auth.com",
    "settings": {
      "branding": {
        "logo": "https://...",
        "colors": {
          "primary": "#007bff"
        }
      }
    }
  }
}

Data Isolation

Each tenant has isolated:

  • User database
  • Configuration
  • Audit logs
  • API keys

Custom Domains

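# The map block belongs in the http context. It defines $tenant_id,
# which nginx would otherwise reject as an unknown variable.
map $host $tenant_id {
  default        "";
  acme.auth.com  tenant-123;
}

server {
  server_name *.auth.com;

  location / {
    proxy_pass http://auth-service;
    # Always set here, so a client-sent X-Tenant-ID never reaches the backend.
    proxy_set_header X-Tenant-ID $tenant_id;
  }
}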

Tenant Resolution

const tenant = await resolveTenant({
  domain: req.hostname,
  apiKey: req.headers['x-api-key']
});
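
A resolver that receives both a domain and an API key has to decide what happens when the two point at different tenants. The sketch below is an added example, not code from the original post or the product: `resolveTenantStrict`, `normalizeHost`, the in-memory registries and the `globex` tenant are all hypothetical, and it fails closed on any disagreement.

```javascript
// Added example: strict tenant resolution. All names and data are hypothetical.
// Constructed sample registries; a real service would query its tenant store.
const TENANT_BY_DOMAIN = new Map([
  ['acme.auth.com', 'tenant-123'],
  ['globex.auth.com', 'tenant-456'],
]);
const TENANT_BY_API_KEY = new Map([
  ['constructed-key-acme', 'tenant-123'],
  ['constructed-key-globex', 'tenant-456'],
]);

// Canonicalise the host so "ACME.auth.com.:443" and "acme.auth.com" hit the
// same entry; anything that is not a plain DNS name is rejected.
function normalizeHost(hostname) {
  if (typeof hostname !== 'string') return null;
  const host = hostname.trim().toLowerCase()
    .replace(/:\d+$/, '')
    .replace(/\.$/, '');
  return /^[a-z0-9-]+(\.[a-z0-9-]+)+$/.test(host) ? host : null;
}

// Returns { tenantId } on success or { error } on any ambiguity (fail closed).
function resolveTenantStrict({ domain, apiKey }) {
  const host = normalizeHost(domain);
  const byDomain = host === null ? undefined : TENANT_BY_DOMAIN.get(host);
  if (byDomain === undefined) return { error: 'unknown_domain' };

  // No key supplied (for example a browser login page): the domain decides.
  if (apiKey === undefined) return { tenantId: byDomain };

  const byKey = typeof apiKey === 'string' ? TENANT_BY_API_KEY.get(apiKey) : undefined;
  if (byKey === undefined) return { error: 'unknown_api_key' };

  // A valid key for one tenant presented on another tenant's domain must
  // not resolve to either tenant.
  if (byKey !== byDomain) return { error: 'tenant_mismatch' };
  return { tenantId: byDomain };
}

// Constructed requests, shaped like the req fields used on this page.
console.log(resolveTenantStrict({ domain: 'ACME.auth.com:443' }));
console.log(resolveTenantStrict({ domain: 'acme.auth.com', apiKey: 'constructed-key-globex' }));
```

Logging each `tenant_mismatch` result to the tenant's audit log gives an early signal of leaked or misrouted API keys.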

For advanced configurations, see our enterprise documentation.

Rate Limiting Configuration

Protect your authentication endpoints with configurable rate limiting rules.

Basic Configuration

rateLimits:
  login:
    windowMs: 900000 # 15 minutes
    max: 5 # limit each IP to 5 requests per windowMs
  register:
    windowMs: 3600000 # 1 hour
    max: 3
  passwordReset:
    windowMs: 3600000
    max: 3

Custom Rules

const customLimiter = rateLimit({
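  keyGenerator: (req) => {
    // Key on the API key only after it has been validated; an unvalidated
    // header value would give every made-up key its own bucket.
    return req.headers['x-api-key'] || req.ip;
  },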
  handler: (req, res) => {
    res.status(429).json({
      error: 'Too many requests',
      retryAfter: 60
    });
  }
});

Redis-Based Rate Limiting

const redisStore = new RedisStore({
  client: redisClient,
  prefix: 'rl:'
});

const limiter = rateLimit({
  store: redisStore,
  windowMs: 15 * 60 * 1000,
  max: 100
});

Bypass Rules

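const bypassList = ['trusted-ip-1', 'trusted-ip-2'];

// Mount this in place of the limiter: listed addresses skip rate limiting.
function bypassTrusted(req, res, next) {
  if (bypassList.includes(req.ip)) {
    return next();
  }
  return limiter(req, res, next);
}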

For distributed rate limiting, see our scaling guide.

Custom Domain Configuration

Set up custom domains to provide branded authentication experiences.

DNS Configuration

Add the following records to your DNS:

Type    Host           Value
CNAME   auth           verify.authcompany.com
TXT     _verify.auth   verification-token-123

SSL Certificate Setup

domain:
  name: auth.yourcompany.com
  ssl:
    autoProvision: true
    provider: letsencrypt

Verification Process

const domainSetup = await auth.domains.create({
  domain: 'auth.yourcompany.com',
  verifyOwnership: true
});

console.log(domainSetup.verificationToken);

Nginx Configuration

server {
    server_name auth.yourcompany.com;
    
    ssl_certificate /etc/ssl/certs/auth.yourcompany.com.crt;
    ssl_certificate_key /etc/ssl/private/auth.yourcompany.com.key;
    
    location / {
        proxy_pass http://auth-backend;
        proxy_set_header Host $host;
    }
}

For wildcard certificates and advanced setups, see our enterprise guide.

Password Policy Configuration

Configure password policies to enforce strong authentication security standards.

Basic Policy Configuration

{
  "passwordPolicy": {
    "minLength": 12,
    "requireUppercase": true,
    "requireLowercase": true,
    "requireNumbers": true,
    "requireSpecialChars": true,
    "maxLength": 128
  }
}

Advanced Rules

const advancedPolicy = {
  preventCommonPasswords: true,
  preventUserInfo: true,
  minUniqueChars: 5,
  preventRepeatingChars: 3,
  preventSequentialChars: 3
};

Password History

passwordHistory:
  enabled: true
  rememberCount: 5
  minimumAgeDays: 1

Expiration Policy

const expirationPolicy = {
  enabled: true,
  expirationDays: 90,
  warningDays: 14,
  gracePeriodDays: 7
};

Breach Detection

auth.passwordPolicy.enableBreachDetection({
  checkAgainstLeaks: true,
  autoForceReset: true,
  notifyUser: true
});

For custom validation rules and enterprise policies, see our security guide.