Operations

Authentication

Configure identity flows, session handling, and provider integrations for secure access control.

Supported auth patterns

Email and OTP

Passwordless or OTP flows with recovery and verification steps.

SSO and OIDC

Enterprise identity providers with claim mapping and role sync.

Social providers

Microsoft, Google, and custom OAuth provider integrations.

Service tokens

Machine-to-machine access for automation and integrations.

Session model

  • Short-lived access tokens with refresh rotation.
  • HTTP-only cookies for browser sessions.
  • Server-side validation for privileged actions.
  • Idle timeout and forced re-authentication controls.

Provider setup checklist

  1. Register OAuth apps and set approved redirect URIs.
  2. Configure client IDs, secrets, and required scopes.
  3. Map provider claims to workspace roles.
  4. Test login, logout, and token refresh flows.

Troubleshooting

  • Redirect URI mismatch or trailing slash errors.
  • Clock skew causing early token expiration.
  • Missing scopes or consent not granted.
  • Blocked third-party cookies in embedded browsers.
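
A diagnostic sketch for the first two items above, added here as an example and not taken from any product's own code. The function names, the example.com URIs, the 60-second leeway, and the sample claims are assumptions; the claims are taken to be already signature-verified, with iat and exp in Unix seconds.

```python
from urllib.parse import urlsplit

# Constructed sample data (not from a real deployment).
REGISTERED = ["https://app.example.com/auth/callback"]
SAMPLE_CLAIMS = {"iat": 1_700_000_000, "exp": 1_700_000_300}  # 5-minute token

def diagnose_redirect(registered, requested):
    """Say why `requested` fails exact string matching against registered URIs.

    Diagnosis only: the fix is to correct the registered or configured URI,
    not to relax the match.
    """
    if requested in registered:
        return "exact-match"
    req = urlsplit(requested)
    for reg in registered:
        r = urlsplit(reg)
        same_rest = (r.path, r.query) == (req.path, req.query)
        if (r.scheme, r.netloc, r.query) == (req.scheme, req.netloc, req.query) \
                and r.path.rstrip("/") == req.path.rstrip("/"):
            return "trailing-slash"
        if same_rest and (r.hostname, r.port) == (req.hostname, req.port) \
                and r.scheme != req.scheme:
            return "scheme"
        if same_rest and r.scheme == req.scheme and r.netloc != req.netloc \
                and r.netloc.lower() == req.netloc.lower():
            return "host-case"
    return "unregistered"

def diagnose_fresh_token(claims, received_at, leeway=60):
    """Compare a just-issued token's iat/exp with the local clock at receipt."""
    skew = received_at - claims["iat"]        # > 0: local clock ahead of issuer
    remaining = claims["exp"] - received_at   # lifetime the local clock will honour
    if skew > leeway:
        verdict = "local-clock-ahead"         # token appears to expire early
    elif skew < -leeway:
        verdict = "local-clock-behind"        # token appears not yet valid
    else:
        verdict = "within-leeway"
    return {"skew_s": skew, "remaining_s": remaining, "verdict": verdict}

if __name__ == "__main__":
    for uri in ("https://app.example.com/auth/callback/",
                "http://app.example.com/auth/callback"):
        print(uri, "->", diagnose_redirect(REGISTERED, uri))
    print(diagnose_fresh_token(SAMPLE_CLAIMS, SAMPLE_CLAIMS["iat"] + 240))
```

A skew beyond the leeway points at time synchronisation on one side, which is where the fix belongs rather than in a longer token TTL.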

Security best practices

  • Enable MFA for privileged roles.
  • Limit token TTL for admin accounts.
  • Rotate client secrets and revoke stale tokens.
  • Monitor suspicious login attempts and device changes.