Settings

Face Login offers several additional settings to customize your service. Please notice that these settings are applied across the instance. You cannot customize these settings at the client level.

---

Appearance

Appearance settings allow you to customize the look of the face login screen. Refer to each child section for details.

Page title

Click Edit on the right of the Page title.

Enter the title name and click Save.

When the user tries to log in, this setting will be reflected in the browser page title.

---

Authentication flow

Authentication flow settings configure what methods are allowed during the login process. Refer to each child section for details. The face login method is always enabled and cannot be turned off.

MFA (SMS) with face login

This option decides whether an extra MFA via SMS is required when using face to log in.

• Only the first time: By selecting this option, the user will be asked to finish an MFA via SMS after the first successful login by face.
• Never: By selecting this option, the user will not need further action after successful login by face.

Username/password login

This option controls whether to enable the username/password login as an alternative.

• Enabled: By selecting this option, the Sign in with other methods option will be available on the face login screen. After clicking it, you will find the Username and password option to allow users to sign in with their username and password.
• Disabled: By selecting this option, the Sign in with other methods option will not be displayed, and users cannot sign in with their username and password.

MFA (SMS) with username/password login

This option decides whether an extra MFA via SMS is required when using the username/password to log in.

• Always required: By selecting this option, the user will be asked to finish an MFA via SMS every time after successful login by username/password.
• Only the first time: By selecting this option, the user will be asked to finish an MFA via SMS after the first successful login by username/password.
• Never: By selecting this option, the user will not need further action after successful login by username/password.

First-time login password reset

This option decides whether a new user must change the password when logging in for the first time.

📘

Face Login for Windows

Please set this option to Never if you are using Face Login for Windows, otherwise the an error will happen when trying login.

Identities registered before switiching to Never will need to reset password before using the service on Winodws.

• Only the first time: By selecting this option, the user will be asked to change the password after the first successful login.
• Never: By selecting this option, the user will not need further action after the first successful login.

Liveness detection threshold

This value controls the level of liveness detection. The higher the threshold is, the easier for users to pass the liveness detection, but also the riskier that a hacker would pass it. If the value is set to 1, it equals no liveness detection being performed. Please change the value at your own risk based on your user's environment and your security requirements.

Facial recognition threshold

This value controls the level of facial recognition. The lower the threshold is, the easier for users to get recognized by faces, but also the riskier that false acceptance would occur. Please change the value at your own risk based on your user's environment and your security requirements.

---

Security level

Security level settings enable more detailed options to cater to your organization's security requirements. Refer to each child section for details.

Password minimum length

This option allows setting a minimum password length following their security requirements. You can set any number between 1 to 256. By default, this value is set to 8.

Click Edit on the right of the Password minimum length.

Enter the number and click Save to apply the setting.

📘

About changing the password minimum length

Changing this value will not force all existing users to update their current password to follow this rule. But this rule will apply if the user or the admin wants to reset a new password.

Password expires after

This option sets the forced password-changing period. If the value is 0, the user will never be asked to reset their password. You can set any number between 0 to 999999999. By default, this value is set to 0.

Click Edit on the right of the Password expires after.

Enter the number and click Save to apply the setting.

The user will be asked to reset a new password if the password expires after the next successful login.

MFA Verification expires after

This option applies a TTL (Time to live) of the MFA used in MFA (SMS) with face login or MFA (SMS) with username/password login. This option only takes effect if the two setting items of MFA are not set to Never. If the value is 0, users will be asked to finish an MFA via SMS every time after successful login. You can set any number between 0 to 999999999. By default, this value is set to 14 (days).

Click Edit on the right of the MFA Verification expires after.

Enter the number and click Save to apply the setting.

If the MFA options are enabled, the user will be asked to re-do the MFA after the designated period.

Self-password reset

This option enables/disables the option for end users to change the password by themselves. If this option is disabled, the password reset option will not be displayed on the login page.

---

IDP information

The IDP information (SAML 2.0 Identity Provider Metadata) is required to integrate with service providers. You can download the metadata file here.

Click Download on the right of the XML file and the metadata.xml file will be downloaded.