
# Authentication and Password Management

> Learn how LightOn’s authentication system works, which password security rules are enforced, and how SSO helps meet your organization’s specific security and compliance requirements.

### Password security rules

When creating or resetting a password, the following rules apply:

* Your password **cannot be too similar to your other personal information**.
* It must contain **at least 8 characters**.
* It cannot be a **commonly used password**.
* It cannot be **entirely numeric**.
* It must include **at least one lowercase letter**, **one uppercase letter**, **one digit**, and **one special character**.
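
The rules above, written out as a checker so an administrator can see exactly what each one rejects. This is an added example, not LightOn's or Paradigm's own validation code: the 70% similarity threshold and the five-entry common-password list are assumptions made for illustration, and the sample user attributes are constructed.

```python
"""Checker for the password rules listed above.

Added example, not LightOn's own code. The similarity threshold and the
tiny common-password list are assumptions made for illustration.
"""
import re
from difflib import SequenceMatcher
from typing import Dict, List, Optional

MIN_LENGTH = 8
# Assumed threshold: a password that shares 70% or more of its characters
# (in order) with a personal attribute is treated as "too similar".
SIMILARITY_THRESHOLD = 0.7
# Constructed stand-in for a real "commonly used passwords" list, which a
# deployment would load from a file with tens of thousands of entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}


def _similar_attribute(password: str, user_attrs: Dict[str, str]) -> Optional[str]:
    """Return the name of the first attribute the password resembles, or None."""
    pw = password.lower()
    for name, value in user_attrs.items():
        if not value:
            continue
        # Check the whole value and its word-like parts, e.g. the local
        # part of an e-mail address or each half of "first.last".
        candidates = [value] + re.split(r"\W+", value)
        for cand in candidates:
            if cand and SequenceMatcher(a=pw, b=cand.lower()).ratio() >= SIMILARITY_THRESHOLD:
                return name
    return None


def validate_password(password: str, user_attrs: Optional[Dict[str, str]] = None) -> List[str]:
    """Return the list of rules the password violates; an empty list means it is acceptable."""
    problems: List[str] = []
    similar_to = _similar_attribute(password, user_attrs or {})
    if similar_to:
        problems.append(f"too similar to your {similar_to}")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("commonly used password")
    if password.isdigit():
        problems.append("entirely numeric")
    # Complexity rule: one lowercase, one uppercase, one digit, one special character.
    for pattern, label in (
        (r"[a-z]", "missing a lowercase letter"),
        (r"[A-Z]", "missing an uppercase letter"),
        (r"[0-9]", "missing a digit"),
        (r"[^A-Za-z0-9]", "missing a special character"),
    ):
        if not re.search(pattern, password):
            problems.append(label)
    return problems


if __name__ == "__main__":
    # Constructed sample user; every candidate below is checked against it.
    user = {"username": "alice.smith", "email": "alice.smith@example.com"}
    for candidate in ("12345678", "Alice.Smith1!", "Tr0ub4dor&3"):
        print(candidate, "->", validate_password(candidate, user) or "OK")
```

The checker reports every violated rule at once rather than stopping at the first, which is the behaviour users need when a reset form rejects a password; the similarity check compares against the whole attribute and against its word-like parts, so a password built from the local part of an e-mail address is still caught.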

👉 You are free to choose a longer password (12, 16 characters or more), but the above rules are **not customizable**.\
👉 If your organization requires specific policies (e.g. longer length, rotation, advanced complexity), you will need to use **SSO**.

### Features not natively supported

At this stage, our authentication system does **not** include:

* **Two-Factor Authentication (2FA/MFA)**.
* **Automatic password expiration**.

These features are **not planned in the roadmap**.\
Our strategy is to focus on our core product features and delegate identity management to specialized providers via SSO.

### SSO support in Paradigm

The Paradigm platform supports SSO via the following protocols:

* **SAML** — Available in all our plans. Compatible with major providers (Keycloak, Okta, Ping, Azure AD, etc.) → [see documentation](/en/administration/iam/authentication/sso-activation).
* **OpenID Connect (OIDC)** — Available in all our plans → [see documentation](/en/administration/iam/authentication/sso-activation).
* **LDAP** — Directory-based authentication for corporate environments → [see documentation](/en/administration/iam/authentication/ldap-configuration).

👉 [Activate SSO in Paradigm](/en/administration/iam/authentication/sso-activation)

### User management and compliance

* User account management can be automated using **SCIM** (create, delete, deactivate) → [see documentation](/en/administration/iam/user-management/scim-user-provisioning#what-is-scim).
* Account deletion and deactivation are **immediate** and tracked in an **audit log**.
* The system is **GDPR-compliant**. For other standards (ISO 27001, NIST, etc.), compliance depends on your SSO infrastructure.

**In summary**:

* Without SSO: a robust but non-customizable system.
* With SSO: full flexibility to align Paradigm with your security policies.
