Settings > Security has four tabs: Two-Factor Authentication, Audit Logs, SSO, and Data Retention.
Two-factor authentication
The Two-Factor Authentication tab secures your account with an authenticator app (TOTP, such as Google Authenticator or Authy). Scan the QR code, enter a verification code to confirm, then save the one-time recovery codes in case you lose your device (you can regenerate them later from the same tab). Some roles — Owner, System Administrator, and Organization Administrator — are required to enable two-factor authentication and are prompted to set it up at login. An active-session viewer and new-device login alerts are not yet available.
Audit Logs
The Audit Logs tab shows a tamper-evident record of significant actions in your organization (logins, record changes, permission changes, exports). It is read-only and cannot be edited or deleted.
SSO (SAML)
The SSO tab configures SAML 2.0 single sign-on only. Connect an identity provider such as Okta, Azure AD / Entra, OneLogin, or JumpCloud: Tormano gives you the Service Provider details to register, and you supply your IdP's entity ID, SSO URL, and x509 certificate. Enabling Enforce SSO blocks email/password sign-in so users must authenticate through your IdP. (The one-click Continue with Google and Continue with Microsoft buttons on the login page are separate sign-in shortcuts, not configured here.)
Data Retention
Set how long certain records are kept before automatic cleanup. See the Data Retention help for which windows are enforced.