authelia/docs/content/en/configuration/first-factor/introduction.md

---
title: "First Factor"
description: "Configuring Authelia First Factor Authentication."
lead: "Authelia uses a username and password for a first factor method. This section describes configuring this."
date: 2022-06-15T17:51:47+10:00
draft: false
images: []
menu:
  configuration:
    parent: "first-factor"
weight: 102100
toc: true
aliases:
  - /c/1fa
  - /docs/configuration/authentication/
---

There are two ways to integrate *Authelia* with an authentication backend:

* [LDAP](ldap.md): users are stored in remote servers like [OpenLDAP], [OpenDJ], [FreeIPA], or
  [Microsoft Active Directory].
* [File](file.md): users are stored in [YAML] file with a hashed version of their password.

## Configuration

```yaml
authentication_backend:
  refresh_interval: 5m
  password_reset:
    disable: false
    custom_url: ""
```

## Options

### refresh_interval

{{< confkey type="duration" default="5m" required="no" >}}

This setting controls the interval at which details are refreshed from the backend. Particularly useful for
[LDAP](#ldap).

### password_reset

#### disable

{{< confkey type="boolean" default="false" required="no" >}}

This setting controls if users can reset their password from the web frontend or not.

#### custom_url

{{< confkey type="string" required="no" >}}

The custom password reset URL. This replaces the inbuilt password reset functionality and disables the endpoints if
this is configured to anything other than nothing or an empty string.

### file

The [file](file.md) authentication provider.

### ldap

The [LDAP](ldap.md) authentication provider.

[OpenLDAP]: https://www.openldap.org/
[OpenDJ]: https://www.openidentityplatform.org/opendj
[FreeIPA]: https://www.freeipa.org/
[Microsoft Active Directory]: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/ad-ds-getting-started
[YAML]: https://yaml.org/
feat: major documentation refresh (#3475) This marks the launch of the new documentation website. 2022-06-15 07:51:47 +00:00			`---`
			`title: "First Factor"`
			`description: "Configuring Authelia First Factor Authentication."`
			`lead: "Authelia uses a username and password for a first factor method. This section describes configuring this."`
docs: update dates (#3615) 2022-06-28 05:27:14 +00:00			`date: 2022-06-15T17:51:47+10:00`
feat: major documentation refresh (#3475) This marks the launch of the new documentation website. 2022-06-15 07:51:47 +00:00			`draft: false`
			`images: []`
			`menu:`
			`configuration:`
			`parent: "first-factor"`
			`weight: 102100`
			`toc: true`
			`aliases:`
			`- /c/1fa`
			`- /docs/configuration/authentication/`
			`---`

			`There are two ways to integrate Authelia with an authentication backend:`

			`* [LDAP](ldap.md): users are stored in remote servers like [OpenLDAP], [OpenDJ], [FreeIPA], or`
			`[Microsoft Active Directory].`
			`* [File](file.md): users are stored in [YAML] file with a hashed version of their password.`

			`## Configuration`

			```yaml
			`authentication_backend:`
			`refresh_interval: 5m`
			`password_reset:`
feat(configuration): automatically map old keys (#3199) This performs automatic remapping of deprecated configuration keys in most situations. 2022-06-28 03:15:50 +00:00			`disable: false`
feat: major documentation refresh (#3475) This marks the launch of the new documentation website. 2022-06-15 07:51:47 +00:00			`custom_url: ""`
			```

			`## Options`

			`### refresh_interval`

			`{{< confkey type="duration" default="5m" required="no" >}}`

			`This setting controls the interval at which details are refreshed from the backend. Particularly useful for`
			`[LDAP](#ldap).`

feat(configuration): automatically map old keys (#3199) This performs automatic remapping of deprecated configuration keys in most situations. 2022-06-28 03:15:50 +00:00			`### password_reset`

			`#### disable`
feat: major documentation refresh (#3475) This marks the launch of the new documentation website. 2022-06-15 07:51:47 +00:00
			`{{< confkey type="boolean" default="false" required="no" >}}`

			`This setting controls if users can reset their password from the web frontend or not.`

			`#### custom_url`

			`{{< confkey type="string" required="no" >}}`

			`The custom password reset URL. This replaces the inbuilt password reset functionality and disables the endpoints if`
			`this is configured to anything other than nothing or an empty string.`

			`### file`

			`The [file](file.md) authentication provider.`

			`### ldap`

			`The [LDAP](ldap.md) authentication provider.`

			`[OpenLDAP]: https://www.openldap.org/`
			`[OpenDJ]: https://www.openidentityplatform.org/opendj`
			`[FreeIPA]: https://www.freeipa.org/`
			`[Microsoft Active Directory]: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/ad-ds-getting-started`
			`[YAML]: https://yaml.org/`