{"section":"tutorials","requestedLocale":"en","requestedSlug":"authentication","locale":"en","slug":"authentication","path":"docs/en/tutorials/authentication/authentication-basics/authentication.md","branch":"main","content":"Authentication is the process of validating a user's identity, which, on VTEX, can be done in three different ways:\n\n* [Login](#login): Verifies and validates the user's identity when accessing an online store or the VTEX Admin.\n* [Developing integrations](#developing-integrations): Authenticates requests made to VTEX APIs from integrations with external services. This validation is usually through API keys or user tokens.\n* [Developing apps](#developing-apps): Ensures the legitimacy of communication between applications developed with VTEX IO and VTEX APIs. This validation is usually through authentication tokens.\n\n## Login\n\nOn VTEX, login authentication occurs in two contexts: in the webstore, when customers log in to access their profile or place an order, and in the Admin, when admin users log in to manage the store's administrative environment.\n\nYou need to configure which authentication method will be available in each context. See the available options in the table below:\n\n| Login method | Description | Webstore | Admin |\n|---|---|---|---|\n| Access code | A random numeric code is sent to the user's email, and they use this code to log in. | Can be enabled | Always enabled |\n| Password | The user creates a password and logs in using their email and password. Merchants can choose to [enforce password expiration](#enforcing-password-expiration) after a specific period. | Can be enabled. Password expiration can be enabled. | Always enabled. Password expiration can be enabled. |\n| Facebook | The user logs in using their Facebook account. Check out the [Configuring login with Facebook and Google](/en/docs/tutorials/configuring-login-with-facebook-and-google) guide for more information. | Can be enabled | Not available |\n| Google | The user logs in using their Google account. Check out the [Configuring login with Facebook and Google](/en/docs/tutorials/configuring-login-with-facebook-and-google) guide for more information. | Can be enabled | Can be enabled |\n| Integration with other ID providers | The user logs in using their account from other external ID providers through an integration. Read the [Login (SSO)](https://developers.vtex.com/docs/guides/login-integration-guide) developer guide to learn more. | Can be enabled using the OAuth protocol.  Read the [Webstore (OAuth 2.0)](https://developers.vtex.com/docs/guides/login-integration-guide-webstore-oauth2) developer guide to learn more. | Can be enabled using the SAML protocol. Read the [Admin (SAML 2.0)](https://developers.vtex.com/docs/guides/login-integration-guide-admin-saml2) developer guide to learn more. |\n\n> ℹ️ At least one of the login methods in the table above must be enabled for the webstore.\n\n> ⚠️ You must have a valid admin [user](/en/docs/tutorials/managing-admin-users) to log in to the VTEX Admin. The [roles](/en/docs/tutorials/roles) and permissions assigned to the user specify which[ resources](/en/docs/tutorials/license-manager-resources) they can use in the Admin.\n\n### Enabling login methods\n\nOn the **Authentication** page, you can choose which login methods you want to offer for your store's customers and administrative users accessing the Admin.\n\n![Authentication page](https://cdn.statically.io/gh/vtexdocs/help-center-content/refs/heads/main/docs/en/tutorials/authentication/authentication-basics/authentication_1.png)\n\nFollow the steps below to enable the desired login methods:\n\n1. In the top bar of the VTEX Admin, click your profile avatar, indicated by the initial letter of your email address.\n2. Click **Account settings > Authentication**.\n\n    You will be redirected to the **Webstore** tab listing the login methods available in your store. In this tab, you can enable the desired customer login methods.\n\n    To configure the login methods in the Admin for administrative users, click the **Admin** tab.\n\n    See the table in the [Login](#login) section to learn about the available login methods and access the documentation explaining how to configure them.\n\n### Enforcing password expiration\n\nIf the password login option is enabled, you can set user passwords to expire after a specified number of days. To do this, follow the instructions below:\n\n1. In the top bar of the VTEX Admin, click your profile avatar, indicated by the initial letter of your email address.\n2. Click **Account settings > Authentication**.\n3. Click the **Webstore** or **Admin** tab.\n4. In the **Password** row, click` Edit`. \n5. Check the **Enforce password expiration** option.\n6. Select a period after which user passwords will become invalid. You can choose **15**, **30**, or **90** days.\n7. Click `Save`.\n\nOnce the expiration period is reached, users will be required to reset their password when attempting to log in.\n\n## Developing integrations\n\nWhen developing integrations using VTEX [APIs](https://developers.vtex.com/docs/guides/getting-started), you must provide authentication parameters for the desired operations. See the available methods below:\n\n- **Application keys (appKeys):** [Application keys](/en/docs/tutorials/api-keys) authenticate requests made to VTEX APIs. Store admins can create keys and associate them with [roles](/en/docs/tutorials/roles), allowing them to use certain platform[ resources](/en/docs/tutorials/license-manager-resources). Learn more in the [API authentication using application keys](https://developers.vtex.com/docs/guides/api-authentication-using-application-keys) developer guide.\n-\t**User tokens:** User tokens authenticate API requests, especially for[ frontend](/en/docs/tracks/frontend) applications developed with VTEX IO. Learn how to use them in the [API authentication using user tokens](https://developers.vtex.com/docs/guides/api-authentication-using-user-tokens) developer guide.\n\n## Developing apps\n\nAuthentication tokens (auth tokens) are required for authentication when developing apps on VTEX IO. Learn more in the [App authentication using auth tokens](https://developers.vtex.com/docs/guides/app-authentication-using-auth-tokens) developer guide."}