Local authentication (email & password)
By default, Firezone will use local email / password for authenticating users to
the Firezone portal. Administrators can add users and assign their passwords on
the /users page. See Add users for more details.
Although local authentication is quick and easy to get started with, you can limit attack surface by disabling local authentication altogether. See our OIDC or SAML guides for details. For production deployments it's usually a good idea to disable local authentication and enforce MFA through your identity provider.
If you choose to keep local authentication enabled, we recommend enabling TOTP-based MFA for any accounts that use the local authentication method.
Disabling local authentication
Local authentication can be enabled or disabled from the
or via the REST API.
If you've disabled local authentication and can no longer authenticate to the portal
to re-enable it, see our troubleshooting guide for re-enabling
local authentication from the CLI.