TheHive supports several authentication providers:

  • local (credentials are securely stored in the TheHive database)
  • directory (LDAP and Active Directory)
  • OAuth2/OpenID-Connect
  • SAML
  • HTTP header (authentication is delegated to a reverse proxy)

Authentication main page

Multi-factor authentication can be enabled to strengthen user authentication.

Several authentication providers can be enabled. They are checked sequentially, so their order matters.

Active Directory

Active Directory configuration page


LDAP configuration page

OAuth2 / OpenID-Connect

OAuth2 configuration page


SAML configuration page

User synchronisation

Users can be provisioned and deprovisioned automatically based on the content of a directory. User data is synchronised periodically: new users in LDAP are created in TheHive, and removed users are disabled.

The organisation membership and the profile of a user are set using LDAP groups. The configuration contains the mapping of LDAP groups to organisation/profile.

LDAP synchronisation configuration page
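
A dry-run model of the reconciliation described above, useful for reviewing a group mapping before synchronisation is switched on. This is an added example, not TheHive's own code: `plan_sync`, the group DNs, the organisation and profile names, and the sample data are constructed, and flagging unmapped users or conflicting profiles for review is an assumption, since the page does not say how TheHive treats them.

```python
from collections import defaultdict

# Constructed mapping: LDAP group DN -> (organisation, profile). All names are illustrative.
BASE = "ou=groups,dc=example,dc=org"
GROUP_MAPPING = {
    f"cn=soc-analysts,{BASE}": ("soc", "analyst"),
    f"cn=soc-leads,{BASE}": ("soc", "org-admin"),
    f"cn=cert-readers,{BASE}": ("cert", "read-only"),
}

# Constructed directory snapshot: login -> group DNs the user belongs to.
SAMPLE_DIRECTORY = {
    "alice": {f"cn=soc-analysts,{BASE}"},
    "bob": {f"cn=soc-analysts,{BASE}", f"cn=soc-leads,{BASE}"},
    "carol": {f"cn=cert-readers,{BASE}", f"cn=soc-analysts,{BASE}"},
    "dave": {f"cn=hr,{BASE}"},
}
# Constructed set of accounts created by earlier synchronisation runs.
SAMPLE_SYNCED = {"alice", "erin"}


def plan_sync(directory, synced_users, mapping=GROUP_MAPPING):
    """Dry run: report what a synchronisation pass would change, without applying it."""
    plan = {"create": [], "disable": [], "memberships": {}, "review": []}
    for login in sorted(directory):
        orgs = defaultdict(set)
        for group in directory[login]:
            if group in mapping:
                org, profile = mapping[group]
                orgs[org].add(profile)
        if login not in synced_users:
            plan["create"].append(login)  # new in the directory -> created
        plan["memberships"][login] = {o: sorted(p) for o, p in orgs.items()}
        # Assumption: a user with no mapped group, or with two profiles in the
        # same organisation, is flagged for manual review before enabling sync.
        if not orgs or any(len(p) > 1 for p in orgs.values()):
            plan["review"].append(login)
    # Gone from the directory -> disabled, not deleted.
    plan["disable"] = sorted(u for u in synced_users if u not in directory)
    return plan


if __name__ == "__main__":
    for action, value in plan_sync(SAMPLE_DIRECTORY, SAMPLE_SYNCED).items():
        print(action, value)
```

The `review` list is the part worth reading first: it surfaces accounts that would be created without any organisation and accounts whose groups grant two different profiles in the same organisation.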