# User Policies

{% hint style="info" %}
Replica manages authentication with Keycloak. Default password, session, and login settings follow common security baselines. Replica SSO administrators handle custom changes. Contact your account manager for exceptions or review the [Keycloak documentation](https://www.keycloak.org/documentation).
{% endhint %}

## User Policies

### Passwords

* Minimum password length: 15 characters

### Login Lockouts (Brute Force Detection)

Default settings:

* Max login failures: 30 — after this point a lockout is triggered.
* Permanent lockout: disabled
* Wait increment: 1 minute before a lockout ends
* Max failure count reset: after 12 hours
* Quick login check: 1 second. Faster attempts trigger a lockout.
* Minimum wait after a quick login: 1 minute before the lockout ends

### Login Timeout Settings

Default settings:

* Login Timeout: 30 minutes
* Login action timeout: 5 minutes

### SSO Session Settings

Default settings:

* SSO Session Idle: 30 minutes
* SSO Session Max: 10 minutes


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.replicacyber.com/admin-guide/user-management/user-policies.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.