---
title: "Authentication"
---
# Authentication

Karolina supports multiple authentication methods to fit your organization's security requirements.

## Standard Login

The default login method using email and password.

### Signing In

1. Navigate to [app.karolina.ai](https://app.karolina.ai)
2. Enter your email address
3. Enter your password
4. Click **Sign In**

### Password Requirements

- Minimum 8 characters
- At least one uppercase letter
- At least one number
- At least one special character

### Resetting Your Password

If you forgot your password:

1. Click **Forgot Password** on the login page
2. Enter your email address
3. Check your inbox for a reset link
4. Follow the link to set a new password

Reset links expire after 24 hours.

## Single Sign-On (SSO)

SSO allows you to authenticate using your organization's identity provider.

### Supported Providers

| Provider | Protocol |
|----------|----------|
| Okta | SAML 2.0, OIDC |
| Azure AD | SAML 2.0, OIDC |
| Google Workspace | OIDC |
| OneLogin | SAML 2.0 |
| Generic SAML 2.0 | SAML 2.0 |

### Setting Up SSO

Only organization admins can configure SSO.

1. Go to **Settings** → **Security**
2. Click **Configure SSO**
3. Select your identity provider
4. Enter the required configuration details:
   - **Entity ID**: `https://karolina.ai/saml/{organization-id}`
   - **SSO URL**: From your identity provider
   - **Certificate**: X.509 certificate from your IdP
5. Click **Save Configuration**
6. Test the connection
7. Enable SSO for your organization

### SSO Login

Once SSO is configured:

1. Go to [app.karolina.ai](https://app.karolina.ai)
2. Click **Sign in with SSO**
3. Enter your organization email
4. You'll be redirected to your identity provider
5. Authenticate with your IdP credentials
6. You'll be automatically logged into Karolina

## SAML 2.0 Configuration

For organizations with custom SAML implementations:

### Required SAML Attributes

| Attribute | Required | Description |
|-----------|----------|-------------|
| `email` | Yes | User's email address |
| `firstName` | Yes | User's first name |
| `lastName` | Yes | User's last name |
| `groups` | No | Group memberships for RBAC |

### Service Provider Details

```
Entity ID: https://karolina.ai/saml/metadata.xml
ACS URL: https://karolina.ai/api/auth/saml/callback
SLO URL: https://karolina.ai/api/auth/saml/slo
```

## Multi-Factor Authentication (MFA)

MFA adds an extra layer of security to your account.

### Enabling MFA

1. Go to **Settings** → **Profile** → **Security**
2. Click **Enable MFA**
3. Scan the QR code with your authenticator app
4. Enter the verification code
5. Save your backup codes in a secure location

### Supported Authenticator Apps

- Google Authenticator
- Authy
- 1Password
- Microsoft Authenticator
- Any TOTP-compatible app

## Session Management

### Session Duration

- Default session: 7 days
- SSO sessions: Synchronized with IdP
- Concurrent sessions: Up to 3 devices

### Signing Out

Click your avatar → **Sign Out** to end your current session.

## Troubleshooting

| Issue | Solution |
|-------|----------|
| Can't receive password reset email | Check spam folder, verify email address |
| SSO not redirecting properly | Clear browser cookies, check IdP settings |
| MFA codes not working | Check device time sync, use backup codes |
| Locked out of account | Contact admin or hello@karolinahq.com |

## Next Steps

Once authenticated, proceed to [onboarding](onboarding.md) to set up your workspace.
