Authentication & Identity

Authentication methods powered by Better Auth framework

Authentication Options

Email & Password

Available now. Secure password hashing, account lockout, email verification, password reset.

SSO & OAuth

Available upon request. Azure AD, Okta, Google Workspace, and other OIDC providers.

Multi-Factor Auth

Available upon request. TOTP authenticator apps, SMS, email verification.

Current Features

Email & Password (available now):

  • Password complexity requirements
  • Account lockout after failed attempts
  • Email verification for new accounts
  • Secure password reset flow

Sessions:

  • Secure sessions stored in Redis
  • Configurable timeout (default 8 hours)
  • Secure cookie flags (HttpOnly, Secure, SameSite)

Available Upon Request

Our framework (Better Auth) supports these features - contact us to enable:

  • OAuth 2.0 - Microsoft, Google, GitHub, and 20+ providers
  • OpenID Connect (SSO) - Azure AD, Okta, Auth0, OneLogin, custom providers
  • Multi-Factor Authentication - TOTP apps, SMS, email codes
  • SAML 2.0 - Enterprise SSO (in development)
  • API Keys - Programmatic access (in development)

Authorization

Role-Based Access Control:

  • Admin - Full organizational control, user management
  • Editor - Create and modify graphs, execute queries, import data
  • Viewer - Read-only access to graphs and saved queries

SSO Setup

For organizations requiring SSO integration:

  1. Contact your account representative
  2. Provide identity provider details (Azure AD, Okta, etc.)
  3. We configure the integration
  4. Test with pilot users, then roll out

Typical setup time: days, not weeks.

Contact

To enable advanced authentication features, contact your account representative with your requirements.

Security

Enterprise-grade security features and compliance posture

Kubernetes Guide

Detailed Kubernetes deployment instructions for DevOps teams