# Login Screen

## About

The login screen is the first screen users see when they access Keeper Connection Manager. Users use a username and password, or SSO credentials to authenticate into the rest of the platform.

<figure><img src="https://3357255970-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fb7weUpu7VBcMnESSH8vG%2Fuploads%2FQvlzDRCyUrK1Yzkwsdc3%2Fimage.png?alt=media&#x26;token=59676edd-749c-4189-8750-f0f2902fdc90" alt=""><figcaption></figcaption></figure>

### Logging In

#### Username

Users use their username to login to Keeper Connection Manager. This username is set when creating or importing users.

{% hint style="info" %}
The KCM username is sometimes an email address, but it can be a non-email username as well.
{% endhint %}

#### Password

The user's password. Set when creating or importing the user. Passwords can also be reset by users if allowed.

{% hint style="info" %}
TIP: The Keeper Browser Extension can be used to automatically fill in the Keeper Connection Manager username and password!
{% endhint %}

### Other Login Methods

See the authentication documentation pages for more information about setting up additional login methods such as LDAP, SAML 2.0, and OpenID Connect as well as information on setting up 2FA

{% content-ref url="/pages/mZNB2f8g0Acm2wcTBXgY" %}
[Authentication Options](/en/keeper-connection-manager/authentication.md)
{% endcontent-ref %}

## Login Attempt Limits

As of KCM version 2.9.6, KCM can be configured to limit a user's ability to login after multiple consecutive failed login attempts. This blocks brute-force login attacks on KCM instances.

{% hint style="info" %}
By default KCM will lock a user out of logging in for 5 minutes after 5 failed attempts
{% endhint %}

This setting can be removed, and the number of attempts before a user is locked out and how long they are locked for can be configured with the following guacamole properties or environment variables (depending on installation method):

<table><thead><tr><th width="238">Docker Compose Property</th><th width="235">Environment Variable</th><th width="106">Type</th><th>Descriptions</th></tr></thead><tbody><tr><td><code>ban-max-invalid-attempts</code></td><td><code>BAN_MAX_INVALID_ATTEMPTS</code></td><td>number</td><td>The number of invalid attempts before a user is locked out</td></tr><tr><td><code>ban-address-duration</code></td><td><code>BAN_ADDRESS_DURATION</code></td><td>number</td><td>The amount of time in seconds a user is locked out for after hitting the invalid attempts limit</td></tr><tr><td><code>ban-max-addresses</code></td><td><code>BAN_MAX_ADDRESSES</code></td><td>number</td><td>The number of addresses that KCM will track to check for invalid attempts. Defaults to <code>10485760</code></td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.keeper.io/en/keeper-connection-manager/using-keeper-connection-manager/login-screen.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.