# Authentication
Secure access to the Olympus Cloud platform.
## Overview
Olympus Cloud supports multiple authentication methods:
- Password Authentication - Email and password
- Multi-Factor Authentication (MFA) - Additional verification
- Single Sign-On (SSO) - Enterprise identity providers
- API Keys - Service-to-service authentication
## Password Authentication
### Password Requirements
| Requirement | Minimum |
|---|---|
| Length | 12 characters |
| Complexity | Upper, lower, number, special |
| History | Cannot reuse recent passwords |
| Expiration | Configurable by policy |
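The requirements table above can be enforced server-side before a password is accepted. The following is an added example, not Olympus Cloud's own code: it checks the 12-character minimum and the four character classes from the table, and implements the "cannot reuse recent passwords" rule by comparing the candidate against salted PBKDF2 hashes of earlier passwords, so the history never holds plaintext. The history depth of five and the PBKDF2 round count are assumptions; the page gives neither.

```python
import hashlib
import hmac
import os
import re
from typing import List, Optional, Tuple

MIN_LENGTH = 12        # "Length: 12 characters" in the table above
HISTORY_DEPTH = 5      # assumed depth for "cannot reuse recent passwords"; the page gives no number
PBKDF2_ROUNDS = 100_000

# One regex per required character class ("upper, lower, number, special").
_CLASSES = {
    "upper": re.compile(r"[A-Z]"),
    "lower": re.compile(r"[a-z]"),
    "number": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}

PasswordHash = Tuple[bytes, bytes]  # (salt, digest)


def hash_password(password: str, salt: Optional[bytes] = None) -> PasswordHash:
    """Salted PBKDF2-HMAC-SHA256 so the history never stores plaintext."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def reuses_recent(password: str, history: List[PasswordHash]) -> bool:
    """True if the candidate equals any of the last HISTORY_DEPTH stored hashes."""
    for salt, digest in history[-HISTORY_DEPTH:]:
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            return True
    return False


def check_password(password: str, history: List[PasswordHash]) -> List[str]:
    """Return every policy violation; an empty list means the password is acceptable."""
    problems: List[str] = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = [name for name, pattern in _CLASSES.items() if not pattern.search(password)]
    if missing:
        problems.append("missing character class(es): " + ", ".join(missing))
    if reuses_recent(password, history):
        problems.append("reuses a recent password")
    return problems


if __name__ == "__main__":
    # Constructed demonstration: a rotation that reuses the previous password is rejected.
    history = [hash_password("C0rrect-Horse-Battery")]
    print(check_password("C0rrect-Horse-Battery", history))   # ['reuses a recent password']
    print(check_password("Tr0ub4dor&3xx-new", history))       # []
```

Because each history entry keeps its own salt, the reuse check has to rehash the candidate once per stored entry; bounding the history with `HISTORY_DEPTH` keeps that cost predictable.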
### Logging In
- Go to login page
- Enter email address
- Enter password
- Complete MFA if enabled
- Access granted
### Password Reset
- Click Forgot Password
- Enter email address
- Check email for reset link
- Link expires in 1 hour
- Create new password
## Multi-Factor Authentication
### MFA Methods
| Method | Description |
|---|---|
| Authenticator App | TOTP codes (Google Authenticator, Authy) |
| SMS | Text message codes |
| Email | Verification codes |
| Hardware Key | FIDO2/WebAuthn (YubiKey) |
| Biometric | Device biometrics (Face ID, Touch ID) |
### Enabling MFA
- Go to Account > Security
- Click Enable MFA
- Choose method
- Follow setup instructions
- Save backup codes
### Backup Codes
**Warning:** Store your backup codes in a secure location immediately after enabling MFA. If you lose access to both your primary MFA method and your backup codes, account recovery requires administrator intervention.
When enabling MFA:
- Save backup codes securely
- Use if primary method unavailable
- Each code works once
- Request new codes if depleted
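The two single-use credentials on this page, backup codes (this section) and the password reset link that expires in one hour (Password Reset above), share one server-side pattern: store only a hash, consume the entry on first redemption, and optionally expire it. The added example below is not Olympus Cloud's code; it implements that store alongside a standard RFC 6238 TOTP verifier for the authenticator-app method, with a one-step tolerance window that explains why the troubleshooting advice for "MFA not working" is to sync the device time. Code lengths, the number of backup codes and the acceptance window are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Dict, List, Optional

TOTP_STEP = 30
TOTP_DIGITS = 6
RESET_TTL = 3600                # "Link expires in 1 hour" (Password Reset section)
_MISSING = object()


def totp_code(secret_b32: str, at: int) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, the variant authenticator apps generate."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", at // TOTP_STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % (10 ** TOTP_DIGITS)).zfill(TOTP_DIGITS)


def verify_totp(secret_b32: str, candidate: str, now: Optional[int] = None, window: int = 1) -> bool:
    """Accept the current step and `window` steps either side; larger clock drift on the
    device fails, which is why the troubleshooting table says to sync the device time."""
    now = int(time.time()) if now is None else now
    for drift in range(-window, window + 1):
        expected = totp_code(secret_b32, now + drift * TOTP_STEP)
        if hmac.compare_digest(expected, candidate):
            return True
    return False


def _digest(value: str) -> str:
    # The tokens issued below carry at least 64 bits of entropy, so an unsalted fast hash
    # is adequate for lookup; low-entropy secrets would need a slow, salted hash instead.
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


class OneTimeCodeStore:
    """Keeps only hashes; every entry is consumed on first redemption and may expire."""

    def __init__(self) -> None:
        self._entries: Dict[str, Optional[float]] = {}   # digest -> expiry time (None = never)

    def issue_backup_codes(self, count: int = 10) -> List[str]:
        codes = [secrets.token_hex(8) for _ in range(count)]     # shown to the user once
        for code in codes:
            self._entries[_digest(code)] = None
        return codes

    def issue_reset_token(self, now: float) -> str:
        token = secrets.token_urlsafe(32)                         # embedded in the reset link
        self._entries[_digest(token)] = now + RESET_TTL
        return token

    def redeem(self, code: str, now: float) -> bool:
        """Consume the code; True only if it existed and had not expired."""
        expiry = self._entries.pop(_digest(code), _MISSING)      # removed even when rejected
        if expiry is _MISSING:
            return False
        return expiry is None or now <= expiry

    def remaining(self) -> int:
        """How many backup codes (or unredeemed tokens) are left; zero means request new codes."""
        return len(self._entries)
```

Redeeming removes the entry whether or not it was valid, so a code that was presented after its expiry cannot be retried later, and a backup code that has been used once is gone; `remaining()` is what a UI would check to tell the user to request a fresh set.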
## Single Sign-On (SSO)
### Supported Providers
| Protocol | Providers |
|---|---|
| SAML 2.0 | Okta, Azure AD, OneLogin, Ping |
| OAuth 2.0 | Google, Microsoft, custom |
| OIDC | Any OIDC-compliant provider |
### SSO Setup
- Go to Organization > Settings > SSO
- Select protocol
- Enter identity provider details
- Configure attribute mapping
- Test connection
- Enable for users
### Just-in-Time Provisioning
With SSO enabled:
- New users created automatically on first login
- Attributes synced from identity provider
- Group memberships mapped to roles
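The three provisioning behaviours listed above (create on first login, resync attributes, map groups to roles) are shown together in this added example, which is not Olympus Cloud's implementation. The identity-provider attribute names, the group names and the role names are constructed; the real mapping is whatever was entered under "Configure attribute mapping" in SSO Setup. The one design choice worth noting is that roles are replaced on every login rather than merged, so a user removed from a group loses the corresponding role, and a user whose groups map to nothing gets the least-privileged default.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Attribute and group names are constructed for this example; the page does not
# specify what the identity provider sends or how the mapping is configured.
ATTRIBUTE_MAP = {"email": "mail", "name": "displayName", "groups": "memberOf"}
GROUP_ROLE_MAP = {
    "cloud-admins": "admin",
    "cloud-developers": "developer",
    "cloud-viewers": "viewer",
}
DEFAULT_ROLE = "viewer"   # least-privilege fallback when no group maps to a role


@dataclass
class User:
    email: str
    name: str
    roles: Set[str] = field(default_factory=set)
    logins: int = 0


class Directory:
    def __init__(self) -> None:
        self.users: Dict[str, User] = {}

    def sso_login(self, assertion: Dict[str, object]) -> User:
        """Create the user on first login; on every login resync attributes and roles."""
        email = str(assertion[ATTRIBUTE_MAP["email"]]).strip().lower()
        name = str(assertion.get(ATTRIBUTE_MAP["name"], email))
        groups: List[str] = list(assertion.get(ATTRIBUTE_MAP["groups"], []))  # type: ignore[arg-type]
        roles = {GROUP_ROLE_MAP[g] for g in groups if g in GROUP_ROLE_MAP} or {DEFAULT_ROLE}

        user = self.users.get(email)
        if user is None:                       # just-in-time creation on first login
            user = User(email=email, name=name)
            self.users[email] = user
        user.name = name                       # attributes synced from the identity provider
        user.roles = roles                     # replaced, not merged: a removed group loses its role
        user.logins += 1
        return user


if __name__ == "__main__":
    # Constructed assertion payloads standing in for what the IdP would send.
    d = Directory()
    print(d.sso_login({"mail": "Ana@Example.com", "displayName": "Ana",
                       "memberOf": ["cloud-developers", "hr-all"]}))
    print(d.sso_login({"mail": "ana@example.com", "displayName": "Ana R.", "memberOf": ["hr-all"]}))
```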
## API Authentication
### API Keys
For service-to-service authentication:
- Go to Settings > API Keys
- Click Create Key
- Name the key (descriptive)
- Set expiration
- Copy key (shown once)
- Store securely
### Key Security
**Danger:** Never embed API keys directly in source code or commit them to version control. Use environment variables or a secrets manager for all credentials.
| Practice | Description |
|---|---|
| Rotate Regularly | Replace keys periodically |
| Minimum Scope | Only needed permissions |
| Environment Variables | Never in code |
| Audit Usage | Monitor key activity |
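The four practices in the table map directly onto code on both sides of the call. The added example below is not Olympus Cloud's SDK or server code: the client side reads the key from an environment variable and refuses to start without one, and the server side keeps per-key metadata so that every request is checked against the key's expiry and granted scopes, with an audit pass that flags keys overdue for rotation or never used. The variable name `OLYMPUS_API_KEY`, the 90-day rotation interval, the 30-day idle threshold and the scope names are all assumptions.

```python
import os
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Mapping, Optional, Set, Tuple

ENV_VAR = "OLYMPUS_API_KEY"            # assumed variable name; not specified by the page
ROTATION_MAX_AGE = timedelta(days=90)  # assumed interval for "replace keys periodically"
IDLE_ALERT_AGE = timedelta(days=30)    # assumed: flag keys unused this long ("audit usage")
DAY = timedelta(days=1)
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)   # constructed reference time for the demo


def load_api_key(env: Mapping[str, str] = os.environ) -> str:
    """Read the key from the environment; never fall back to a value baked into the code."""
    key = env.get(ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{ENV_VAR} is not set; refusing to start without a credential")
    return key


@dataclass
class ApiKeyRecord:
    """Server-side metadata for one key (the secret itself is never stored in the clear)."""
    name: str
    created: datetime
    expires: datetime
    scopes: Set[str]
    last_used: Optional[datetime] = None

    def is_expired(self, now: datetime) -> bool:
        return now >= self.expires

    def rotation_due(self, now: datetime) -> bool:
        return now - self.created >= ROTATION_MAX_AGE

    def allows(self, scope: str) -> bool:
        return scope in self.scopes


def authorize(record: ApiKeyRecord, scope: str, now: datetime) -> Tuple[bool, str]:
    """Minimum-scope check on every call: expired keys and ungranted scopes are refused."""
    if record.is_expired(now):
        return False, "expired"
    if not record.allows(scope):
        return False, f"scope {scope} not granted"
    record.last_used = now                      # feeds the usage audit below
    return True, "ok"


def audit(records: List[ApiKeyRecord], now: datetime) -> List[str]:
    """Findings an administrator would review: expired, rotation overdue, or idle keys."""
    findings: List[str] = []
    for r in records:
        if r.is_expired(now):
            findings.append(f"{r.name}: expired")
        elif r.rotation_due(now):
            findings.append(f"{r.name}: rotation due")
        if r.last_used is None or now - r.last_used >= IDLE_ALERT_AGE:
            findings.append(f"{r.name}: no recent use")
    return findings


if __name__ == "__main__":
    # Constructed key records standing in for what the Settings > API Keys page would list.
    ci = ApiKeyRecord("ci-deploy", NOW - 100 * DAY, NOW + 10 * DAY, {"deploy:write"})
    legacy = ApiKeyRecord("legacy", NOW - 400 * DAY, NOW - 1 * DAY, {"read"})
    print(authorize(ci, "deploy:write", NOW))
    print(audit([ci, legacy], NOW))
```

`load_api_key` takes the environment as a parameter only so it can be exercised without touching the real process environment; in production it is called with no arguments.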
### JWT Tokens
For user-context API calls:
- Access tokens for API requests
- Refresh tokens for renewal
- Short-lived access tokens
- Secure token storage
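The access/refresh split described above is easiest to see in a minimal token issuer. The following added example is not Olympus Cloud's code and uses only the standard library: it mints HS256 JWTs with `iat`/`exp` claims, verifies algorithm, signature and expiry before trusting any claim, and renews a short-lived access token from a refresh token while refusing an access token presented in that role. The 15-minute access lifetime and the 30-day refresh lifetime are assumptions (the latter chosen to match the mobile session row in the next section).

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Any, Dict, Tuple

ACCESS_TTL = 15 * 60            # assumed short access-token lifetime (15 minutes)
REFRESH_TTL = 30 * 24 * 3600    # assumed refresh lifetime, matching the 30-day mobile row below


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint(key: bytes, claims: Dict[str, Any], now: int, ttl: int) -> str:
    """Produce a compact HS256 JWT with iat/exp derived from `now` and `ttl`."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64(json.dumps(dict(claims, iat=now, exp=now + ttl), separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}"
    signature = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64(signature)}"


def verify(key: bytes, token: str, now: int) -> Dict[str, Any]:
    """Check algorithm, signature and expiry, in that order, before returning the claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_unb64(header_b64))
    if header.get("alg") != "HS256":            # pin the algorithm; never honour "none"
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(payload_b64))
    if now >= int(claims.get("exp", 0)):
        raise ValueError("expired")
    return claims


def issue_pair(key: bytes, subject: str, now: int) -> Tuple[str, str]:
    """Short-lived access token plus a longer-lived refresh token carrying its own id (jti)."""
    access = mint(key, {"sub": subject, "typ": "access"}, now, ACCESS_TTL)
    refresh = mint(key, {"sub": subject, "typ": "refresh", "jti": secrets.token_hex(8)}, now, REFRESH_TTL)
    return access, refresh


def refresh_access(key: bytes, refresh_token: str, now: int) -> str:
    """Renew the access token; an access token presented as a refresh token is refused."""
    claims = verify(key, refresh_token, now)
    if claims.get("typ") != "refresh":
        raise ValueError("not a refresh token")
    return mint(key, {"sub": claims["sub"], "typ": "access"}, now, ACCESS_TTL)


if __name__ == "__main__":
    # Constructed key and clock for the demonstration.
    demo_key = b"constructed-test-key"
    access, refresh = issue_pair(demo_key, "user-1", now=1_000_000)
    print(verify(demo_key, access, now=1_000_060))
    print(verify(demo_key, refresh_access(demo_key, refresh, now=1_000_000 + ACCESS_TTL), now=1_000_000 + ACCESS_TTL))
```

The `jti` on the refresh token is what a server would record so that a refresh token can be revoked (for example on logout or password change) without revoking every token signed with the same key; the "secure token storage" point above applies most to that refresh token, since it is the long-lived credential.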
## Session Management
### Session Duration
| Session Type | Default Duration |
|---|---|
| Web | 8 hours idle, 24 hours max |
| Mobile | 30 days refresh |
| API | Token-based expiration |
### Session Security
- Sessions bound to device/IP
- Concurrent session limits
- Forced logout on password change
- Activity-based extension
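The four session controls listed above, together with the 8-hour idle and 24-hour maximum durations from the Session Duration table, are implemented in the added example below (not Olympus Cloud's code). Each request is validated against the device/IP the session was opened from, the absolute lifetime, and the idle window, which each successful request extends; opening a session beyond the concurrent limit evicts the least recently used one, and a password change terminates every other session of that user. The concurrent limit of three is an assumption; the page gives no figure.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

IDLE_LIMIT = 8 * 3600        # "8 hours idle" (web default in the table above)
MAX_LIFETIME = 24 * 3600     # "24 hours max"
MAX_CONCURRENT = 3           # assumed concurrent-session limit; the page gives no figure


@dataclass
class Session:
    id: str
    user: str
    device: str
    ip: str
    created: float
    last_seen: float
    terminated: Optional[str] = None   # reason, once the session is no longer usable


class SessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}
        self._counter = 0

    def active(self, user: str, now: float) -> List[Session]:
        """Sessions for `user` that would still pass validation at `now` (the Sessions page view)."""
        return [s for s in self._sessions.values()
                if s.user == user and s.terminated is None
                and now - s.created < MAX_LIFETIME and now - s.last_seen < IDLE_LIMIT]

    def create(self, user: str, device: str, ip: str, now: float) -> Session:
        """Open a session bound to device and IP, evicting the least recently used when over the limit."""
        live = self.active(user, now)
        while len(live) >= MAX_CONCURRENT:
            oldest = min(live, key=lambda s: s.last_seen)
            oldest.terminated = "concurrent-limit"
            live.remove(oldest)
        self._counter += 1
        session = Session(f"s{self._counter}", user, device, ip, now, now)
        self._sessions[session.id] = session
        return session

    def validate(self, session_id: str, device: str, ip: str, now: float) -> Optional[str]:
        """Return None if the request may proceed, otherwise the reason it was refused."""
        s = self._sessions.get(session_id)
        if s is None:
            return "unknown"
        if s.terminated is not None:
            return "terminated"
        if (device, ip) != (s.device, s.ip):   # bound to the device/IP it was opened from
            return "binding-mismatch"
        if now - s.created >= MAX_LIFETIME:
            s.terminated = "max-lifetime"
            return "max-lifetime"
        if now - s.last_seen >= IDLE_LIMIT:
            s.terminated = "idle-timeout"
            return "idle-timeout"
        s.last_seen = now                      # activity-based extension of the idle window
        return None

    def terminate(self, session_id: str, reason: str = "user-request") -> None:
        """The "Terminate specific sessions" action from the Sessions page."""
        s = self._sessions.get(session_id)
        if s is not None and s.terminated is None:
            s.terminated = reason

    def password_changed(self, user: str, keep: str) -> None:
        """Forced logout everywhere except the session that performed the change."""
        for s in self._sessions.values():
            if s.user == user and s.id != keep and s.terminated is None:
                s.terminated = "password-change"
```

A binding mismatch refuses the request but deliberately does not terminate the session, so a stray request from another address cannot be used to log the legitimate holder out; the holder can still review and terminate sessions from the Sessions page.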
### Viewing Sessions
- Go to Account > Security > Sessions
- See all active sessions
- Device, location, last activity
- Terminate specific sessions
## Security Events
### Monitored Events
| Event | Logged |
|---|---|
| Login Success | User, time, location, device |
| Login Failure | Reason, attempts |
| Password Change | User, time |
| MFA Events | Setup, use, bypass |
| Session Events | Create, expire, terminate |
### Login Alerts
Configure alerts for:
- Login from new device
- Login from new location
- Failed login attempts
- Account locked
## Account Security
### Account Lockout
| Trigger | Action |
|---|---|
| Failed Logins | Temporary lockout after threshold |
| Suspicious Activity | Manual or automatic lock |
| Policy Violation | Admin lock |
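The login alerts in the Security Events section (new device, new location, failed attempts, account locked) and the "temporary lockout after threshold" row above are two outputs of the same event stream, so one added example serves both. It is not Olympus Cloud's detection logic: it consumes constructed login events shaped like the Monitored Events table, keeps a per-user baseline of seen devices and locations, counts recent failures, and locks the account for a fixed period once the threshold is reached; attempts during the lockout are reported but do not extend it. The threshold of five failures and the 15-minute lockout window are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import DefaultDict, Dict, List, Set

FAIL_THRESHOLD = 5          # assumed lockout threshold; the page states none
LOCKOUT_SECONDS = 15 * 60   # assumed temporary lockout period


@dataclass
class LoginEvent:
    """One row of the login audit log (constructed shape; see the Monitored Events table)."""
    ts: int
    user: str
    success: bool
    device: str
    location: str
    reason: str = ""


class AuthMonitor:
    def __init__(self) -> None:
        self.known_devices: DefaultDict[str, Set[str]] = defaultdict(set)
        self.known_locations: DefaultDict[str, Set[str]] = defaultdict(set)
        self.failures: DefaultDict[str, List[int]] = defaultdict(list)
        self.locked_until: Dict[str, int] = {}

    def is_locked(self, user: str, now: int) -> bool:
        return self.locked_until.get(user, 0) > now

    def process(self, ev: LoginEvent) -> List[str]:
        """Update state for one event and return the alerts it raises (possibly none)."""
        if self.is_locked(ev.user, ev.ts):
            return [f"{ev.user}: attempt while locked"]
        if not ev.success:
            return self._failure(ev)
        self.failures[ev.user].clear()               # a success resets the failure counter
        alerts: List[str] = []
        if self.known_devices[ev.user] and ev.device not in self.known_devices[ev.user]:
            alerts.append(f"{ev.user}: login from new device {ev.device}")
        if self.known_locations[ev.user] and ev.location not in self.known_locations[ev.user]:
            alerts.append(f"{ev.user}: login from new location {ev.location}")
        self.known_devices[ev.user].add(ev.device)     # the very first login only seeds the baseline
        self.known_locations[ev.user].add(ev.location)
        return alerts

    def _failure(self, ev: LoginEvent) -> List[str]:
        recent = [t for t in self.failures[ev.user] if ev.ts - t < LOCKOUT_SECONDS] + [ev.ts]
        self.failures[ev.user] = recent
        alerts = [f"{ev.user}: failed login ({ev.reason}), {len(recent)} recent"]
        if len(recent) >= FAIL_THRESHOLD:
            self.locked_until[ev.user] = ev.ts + LOCKOUT_SECONDS
            alerts.append(f"{ev.user}: account locked until {self.locked_until[ev.user]}")
        return alerts


if __name__ == "__main__":
    # Constructed event stream: a normal login, a new device, then a burst of failures.
    m = AuthMonitor()
    stream = [LoginEvent(0, "bob", True, "laptop", "Berlin"),
              LoginEvent(100, "bob", True, "phone", "Berlin")]
    stream += [LoginEvent(300 + i, "bob", False, "unknown", "Lisbon", "bad password") for i in range(5)]
    for ev in stream:
        for alert in m.process(ev):
            print(alert)
```

The lockout expires on its own after `LOCKOUT_SECONDS`, which is the "Wait for lockout period" option in Unlocking Accounts; an administrator unlocking early would simply delete the user's `locked_until` entry.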
### Unlocking Accounts
For locked accounts:
- Wait for lockout period
- Use password reset
- Contact administrator
- Admin unlocks in portal
## Best Practices
### For Users
- Use strong, unique passwords
- Enable MFA
- Don't share credentials
- Log out on shared devices
- Review active sessions regularly
### For Administrators
- Require MFA for all users
- Implement SSO where possible
- Review authentication logs
- Set appropriate session timeouts
- Conduct regular access reviews
## Troubleshooting
### Common Issues
| Issue | Solution |
|---|---|
| Can't log in | Check email/password, reset if needed |
| MFA not working | Sync device time, use backup codes |
| SSO failing | Check IdP status, verify configuration |
| Session expired | Log in again |