You're viewing documentation for the legacy version of Firezone, now End-of-Life. View the latest docs here.

Local Authentication

By default, Firezone will use local email / password for authenticating users to the Firezone portal. Administrators can add users and assign their passwords on the /users page. See Add users for more details.

Although local authentication is quick and easy to get started with, you can limit attack surface by disabling local authentication altogether. See our OIDC or SAML guides for details. For production deployments it's usually a good idea to disable local authentication and enforce MFA through your identity provider.

If you choose to keep Local authentication enabled, we recommend enabling TOTP-based MFA for any accounts that use the local authentication method.

Disabling local authentication

Local authentication can be enabled or disabled from the /settings/security page or via the REST API. If you've disabled local authentication and can no longer authenticate to the portal to re-enable it, see our troubleshooting guide for re-enabling local authentication from the CLI.