{"section":"tracks","requestedLocale":"en","requestedSlug":"authentication-and-security","locale":"en","slug":"authentication-and-security","path":"docs/en/tracks/vtex-modules-getting-started/accounts-and-permissions/authentication-and-security.md","branch":"main","content":"The security of your VTEX account depends on proper authentication settings for administrative users (Admin) and clients (online store).\n\n## Available authentication methods\n\nVTEX offers different login methods that can be enabled based on your needs:\n\n| Method | Admin | Online store |\n| ------------------------------------------- | -------------- | -------------- |\n| Access code | Always enabled | Optional |\n| Password | Always enabled | Optional |\n| 2FA (required for Admin) | ✅ Required | Not applicable |\n| Google | Optional | Optional |\n| Facebook | Not available | Optional |\n| SAML 2.0 | Optional | Not available |\n| OAuth 2.0 | Not available | Optional |\n\n**Where to configure:** _Account settings > Authentication_\n\n> ℹ️ Learn more in [Authentication](https://help.vtex.com/docs/tutorials/authentication).\n\n## Two-factor authentication (2FA)\n\n> ❗ Two-factor authentication (2FA) is **required** to log in to Admin using email and password.\n\n2FA adds a second layer of security, requiring a temporary code generated on your phone in addition to your password.\n\nThe available methods are:\n\n- **Authentication app (Recommended)**: Use Google Authenticator to generate codes on your phone. Works offline and is more secure.\n- **SMS**: Receive codes by text message. Depends on your phone company.\n\nThe code is requested every 10 days on the same browser.\n\n> ℹ️ Learn more in [Enabling two-factor authentication login](https://help.vtex.com/docs/tutorials/enabling-2-factor-authentication-login).\n\n> ℹ️ To recover access, see [Resetting VTEX Admin password](https://help.vtex.com/docs/tutorials/resetting-vtex-admin-password).\n\n## Social login (Google and Facebook)\n\nAllow users to log in with Google or Facebook accounts, providing convenience and using the security of these providers.\n\n- **Google**: Available for Admin and online store\n- **Facebook**: Only available for online store\n\n**Configuration:** Requires creating credentials (Client ID and Client Secret) with the providers and entering them in the Admin.\n\n> ℹ️ Learn more in [Configuring login with Facebook and Google](https://help.vtex.com/docs/tutorials/configuring-login-with-facebook-and-google).\n\n## Password expiration\n\nSet passwords to expire automatically after 15, 30, or 90 days, enforcing periodic renewal.\n\n**Where to configure:** _Account settings > Authentication > Password > Edit_\n\n## Advanced integrations\n\n**SAML 2.0 (Admin)** \nIntegrate with corporate identity providers (Azure AD, Okta, etc.)\n\n> Learn more in [Admin (SAML 2.0)](https://developers.vtex.com/docs/guides/login-integration-guide-admin-saml2).\n\n**OAuth 2.0 (Online store)** \nIntegrate with external providers for customized login experiences.\n\n> Learn more in [Webstore (OAuth 2.0)](https://developers.vtex.com/docs/guides/login-integration-guide-webstore-oauth2).\n\n## Best practices\n\n- Use app-based 2FA, not SMS\n- Configure password expiration\n- Require strong passwords (at least 8 characters, numbers, uppercase and lowercase letters)\n- Enable only necessary methods\n- Review access regularly\n\n## Learn more\n\n- [Authentication](https://help.vtex.com/docs/tutorials/authentication)\n- [Enabling two-factor authentication login](https://help.vtex.com/docs/tutorials/enabling-2-factor-authentication-login)\n- [Configuring login with Facebook and Google](https://help.vtex.com/docs/tutorials/configuring-login-with-facebook-and-google)\n- [Resetting VTEX Admin password](https://help.vtex.com/docs/tutorials/resetting-vtex-admin-password)\n- [Setting up personal data on the user's screen](https://help.vtex.com/docs/tutorials/setting-up-personal-data-on-the-users-screen)"}