# 1. Identity & Access: General

The **Identity & Access** section controls how users and systems authenticate and access the platform.

The **General** page defines core security and authentication rules for the entire system.

Here you can:

1. Restrict access by **IP whitelist**
2. Set **session duration** and **login attempt limits**
3. Configure authentication methods:  
    Internal login
    
    WebAuthn
    
    Combined login modes
4. Enable **multi-factor authentication (MFA)**
5. Enable **phone-based TFA**
6. Require **reCAPTCHA on login**

These settings apply globally and help enforce your organization’s security policies.