# Security

## Users

Every user on workspace has many **authentication** options.

### Password

This authentication method is called **BASIC** and requires username and password.

### MFA

This authentication method is called **MFA** and requires sequentially :

1. BASIC method
2. Email confirmation

You can enable **trusted device policy** (avoid email reconfirmation for devices flagged as trusted from user)

### IDK

This authentication method is called **IDK** (Identity Key) and requires a private key.

You can **force IDK** as the only authentication method for the user.

## Resources

Every resource on workspace is **shareable** with users or groups and is secured by **PPK** (Personal Private Key).

Every user must generate his own PPK before managing resources on platform

## Personal Tokens

Every user can **generate** his own personal token.

Personal token is used to **authenticate** **Agent App** to the cloud

Personal token is composed by a **key** and a **secret**