Multi-factor Authentication and Single Sign On
Multi-factor authentication (MFA) enables a higher level of security when accessing JFrog applications. This ensures that if a user’s credentials are compromised, the MFA method will prevent malicious hackers from gaining access to JFrog applications.
MFA is supported on JFrog Saas solution only.
SAML (Security Assertion Markup Language) is an XML standard for exchanging user authentication and authorization information between web domains.
The JFrog Platform offers a SAML-based Single Sign-On service allowing federated JFrog partners (identity providers) full control over the authorization process.
The JFrog Platform provides a flexible permissions model that gives administrators fine-grained control over how users and groups access the different resources. Permissions are managed from a central location, where you can control users’ or groups’ access permissions.
Temporary Login Suspension
When a login attempt fails, the system will temporarily suspend that user’s account for a brief period of time. If login attempts fail repeatedly, the suspension period will increase each time.
User Account Locking
In addition to temporary login suspension, you can configure the system to lock a user’s account after a specified number of failed login attempts.
Secure your passwords
On Self-managed installations, we encourage our customers to change their password after they log in for the first time, and to make sure it’s compliant with the customer’s password policy. If you forget the admin account password, you can recover it. Please refer to Recreating the Default Admin User.
On JFrog Saas solution our customers need to provide a strong admin password.
Login passwords are stored as hashes or encrypted hashes.
To keep your own passwords secure, you may choose to encrypt them as described in Key Encryption.