Tenant Settings
Your tenant is your organization's workspace in Optare. Configure settings to customize authentication behavior.
Accessing Tenant Settings
- Log in to Optare Console (opens in a new tab)
- Go to Settings → Organization
General Settings
Organization Name
The display name shown to users during authentication.
Acme CorporationOrganization Slug
A unique URL-safe identifier used in login URLs.
acmeLogin URL: https://id.optare.one/login?org=acme
Logo
Upload your organization logo. Displayed on:
- Login page
- Email templates
- User consent screens
Requirements:
- PNG or SVG format
- Minimum 200x200 pixels
- Maximum 2MB file size
Authentication Settings
Allowed Authentication Methods
Choose which methods users can use to log in:
| Method | Description |
|---|---|
| Email/Password | Traditional login |
| Magic Link | Passwordless email login |
| Social Logins | Google, GitHub, Microsoft |
| Enterprise SSO | SAML-based SSO |
| Passkeys | WebAuthn/FIDO2 |
Password Policy
Configure password requirements:
| Setting | Recommended |
|---|---|
| Minimum length | 12 characters |
| Require uppercase | Yes |
| Require lowercase | Yes |
| Require number | Yes |
| Require special character | No (optional) |
Session Settings
| Setting | Description | Default |
|---|---|---|
| Access Token Lifetime | How long access tokens are valid | 1 hour |
| Refresh Token Lifetime | How long users stay logged in | 30 days |
| Idle Timeout | Log out after inactivity | 24 hours |
Security Settings
Multi-Factor Authentication (MFA)
| Option | Description |
|---|---|
| Optional | Users choose to enable |
| Required for Admins | Admins must use MFA |
| Required for All | All users must use MFA |
Allowed Domains
Restrict signups to specific email domains:
acme.com
subsidiary.acme.comIP Allowlist
Restrict access to specific IP addresses (Enterprise feature):
203.0.113.0/24
198.51.100.50Branding Settings
Login Page
Customize the appearance of your login page:
| Setting | Description |
|---|---|
| Primary Color | Buttons and links |
| Background | Background color or image |
| Logo Position | Top, center, or left |
| Footer Text | Custom text in footer |
Email Templates
Customize transactional emails:
- Welcome email
- Password reset
- Magic link
- Invitation
- MFA enrollment
Advanced Settings
Webhooks
Receive notifications when events occur:
https://yourapp.com/api/webhooks/optareEvents: user.created, user.login, member.invited, etc.
SCIM Provisioning
Enable automatic user provisioning from identity providers:
- Enable SCIM in tenant settings
- Copy the SCIM endpoint URL
- Configure in your IdP (Okta, Azure AD, etc.)
Audit Logs
View all authentication events:
- User logins
- Failed attempts
- Settings changes
- Member additions
Logs retained for 90 days (Enterprise: 1 year).
Next Steps
- Applications - Register OAuth clients
- Connections - Set up SSO
- Security Best Practices