# Authentication

## Requirements

* **Linux Control Center**: version **2.12.X** or higher
* **Pre-configured Single Sign-On (SSO)** provider

***

## Overview

The **Linux Control Center (LCC)** allows your users to centrally configure their authentication service through the **"Config Authentication"** menu.

Through this service, you can:

* Control the creation of users through external authentication providers integrated with the LCC
* Define **TOTP** settings
* Manage **active providers**
* Create authentication rules for **groups** and **users**
* Perform other security configurations

***

### Authentication Panel

1. Access the **Authentication** panel through the **Config** option in the side menu.
2. Click on the **Authentication** option.

   ![](/files/sATWE1flFI6BbkcbUKXd)

***

### Initial Configuration

Configure the initial parameters according to your needs:

```
![](/pt-br/images/authentication/inicial.png)
```

* **Default Provider ID**: Default provider identifier, used if the user does not select a different one at the time of authentication
* **TOTP Time Tolerance**: Tolerance time to validate the TOTP code after starting the login
* **TOTP Time Tmp Token Login Validation**: Tolerance time for using a rotated TOTP token
* **Local Login All Users**: Applies the rules in this panel to all local LCC users
* **Providers Auto Create User**: Allows LCC to create the authenticated user via provider locally, if it does not already exist
* **TOTP Force All Users**: Forces all users to use TOTP to login, regardless of the provider selected

***

### Selecting Users and Groups

1. Click **Next** to select the **users** that will have rules applied during login.

   ![](/files/QRtbf44VTN6IlHZQw4kO)
2. In the **groups** tab, select the groups that will also have the rules applied.

   ![](/files/buVer4b8qmOJr0dw4AQS)

***

### Selecting Providers

In the **Providers** tab, define which providers will be available for login.

```
![](/pt-br/images/authentication/providers.png)
```

***

### TOTP by User and Group

1. Individually select the users that will be logged in via **TOTP**.

   ![](/files/uluim6HTItPr1GilAOap)
2. Click **Next** to define the **groups** that should also use TOTP at login.

   ![](/files/5EChRGfQULPBcJfPrLn6)
3. Click **Save** to save the settings and apply them to the LCC Console.

***

> 💡 **Hint**: When defining users individually and **disabling the `TOTP Force All Users`** flag, other users will still be able to manually activate TOTP in their **Profile** panel to use it at login.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.linuxcontrolcenter.com.br/en/configs-integrations/user-management/authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.