# Configuration

This configuration panel lets admins fine-tune security, access control, and web integration behaviors for the entire Tellius environment. Each setting plays a role in governing user sessions, login behavior, sharing permissions, and trusted sources for embedding content.

<figure><img src="https://977923713-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FJHwf1QFuv1BRPzfSnL2Z%2Fuploads%2FzvJQ6Sdc1cW8W3CD9q5r%2Fimage.png?alt=media&#x26;token=6ce67ffc-0a11-45fa-88ec-4b11440639fe" alt="" width="563"><figcaption><p>Configuration settings</p></figcaption></figure>

**Username case sensitivity:** Determines whether usernames are treated as case-sensitive. If enabled, `JohnDoe` and `johndoe` are treated as different users.

**Strong password check:** Ensures users create secure passwords with rules such as minimum length, special characters, upper/lower case letters, and numbers. &#x20;

**Idle session timeout:** Automatically logs users out after a period of inactivity to protect sensitive data. Set the duration and time unit (minutes, hours, or days). Minimum allowed is 15 minutes; maximum is 7 days.

**Enable auto-login for SSO:** Provides a seamless experience by automatically logging users in via their SSO provider.

* If enabled, users are automatically redirected and signed in through their SSO (e.g., Okta, Azure AD) without needing to click “Login.”
* If disabled, users must manually initiate login even if SSO is configured.

**Creation of user accounts:** Controls whether new user accounts can be created within Tellius.

* If enabled, accounts can be auto-provisioned (e.g., on first SSO login) or manually created by admins.
* If disabled, only existing accounts can log in; no new user profiles will be created.

**Restrict sharing without write access:** Prevents users who don’t have write permissions from sharing content with others.

* If enabled, only users with write access can share Vizpads, Insights, etc.
* If disabled, all users, even those with view-only rights, can share content.

**Web configurations:** Specifies a list of approved domains allowed to embed Tellius content. Enter fully qualified domain names (e.g., `https://embed.tellius.com`) such as internal web apps, authorized cloud services, localhosts etc. in the **Trusted Origins** field.

Only these domains can securely interact with Tellius through embedded Vizpads, or APIs.

Click on **Save** button to apply all changes. Changes are applied instantly and may affect session behavior, user access, and embedding permissions across Tellius.