# Authentication

> Login methods, OAuth, 2FA, and SAML authentication for StatusStack

## Overview

StatusStack supports multiple authentication methods to fit your security requirements, from simple email/password to enterprise SSO.

***

## Authentication Methods

<CardGroup cols={2}>
  <Card title="Email & Password" icon="envelope">
    Traditional username/password authentication
  </Card>

  <Card title="Google OAuth" icon="google">
    Sign in with your Google account
  </Card>

  <Card title="Microsoft OAuth" icon="microsoft">
    Sign in with Microsoft/Azure AD
  </Card>

  <Card title="SAML 2.0" icon="shield">
    Enterprise single sign-on (Enterprise plan)
  </Card>
</CardGroup>

***

## Email & Password

### Creating an Account

<Steps>
  <Step title="Sign Up">
    Visit [statusstack.com/register](https://statusstack.com/register)
  </Step>

  <Step title="Enter Details">
    ```yaml
    Email: your@company.com
    Password: (8+ characters, mix of letters/numbers/symbols)
    Company Name: Your Company
    ```
  </Step>

  <Step title="Verify Email">
    Check your email for the verification link.

    Click the link to activate your account.
  </Step>

  <Step title="Complete Setup">
    Set up your first team and Stack
  </Step>
</Steps>

### Password Requirements

**Minimum requirements:**

* 8 characters minimum
* At least one uppercase letter
* At least one number
* At least one special character

**Recommended:**

* 12+ characters
* Use a password manager
* Unique password (not reused)
* Enable 2FA for added security

### Password Reset

<Steps>
  <Step title="Request Reset">
    Go to [statusstack.com/forgot-password](https://statusstack.com/forgot-password)
  </Step>

  <Step title="Check Email">
    A reset link is sent to your email.

    The link is valid for 1 hour.
  </Step>

  <Step title="Set New Password">
    Click the link and enter a new password.
  </Step>
</Steps>

***

## OAuth Authentication

### Google Sign-In

<Steps>
  <Step title="Click Google Sign-In">
    On the login page, click **"Sign in with Google"**
  </Step>

  <Step title="Select Account">
    Choose your Google account
  </Step>

  <Step title="Grant Permissions">
    Allow StatusStack to:

    * View email address
    * View basic profile info
  </Step>

  <Step title="Logged In">
    Automatically redirected to dashboard
  </Step>
</Steps>

**Benefits:**

* No password to remember
* Automatic security from Google
* Faster login
* Google 2FA supported

### Microsoft Sign-In

<Steps>
  <Step title="Click Microsoft Sign-In">
    On the login page, click **"Sign in with Microsoft"**
  </Step>

  <Step title="Enter Microsoft Email">
    Use your work or personal Microsoft account
  </Step>

  <Step title="Authenticate">
    Complete Microsoft authentication

    Supports Azure AD and MFA
  </Step>

  <Step title="Logged In">
    Redirected to dashboard
  </Step>
</Steps>

**Enterprise benefits:**

* Integrates with Azure AD
* Respects conditional access policies
* Supports multi-factor authentication
* Centralized account management

***

## Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security to your account.

### Enabling 2FA

<Steps>
  <Step title="Open Security Settings">
    Dashboard → **Settings** → **Security** → **Two-Factor Authentication**
  </Step>

  <Step title="Choose Method">
    <Tabs>
      <Tab title="Authenticator App">
        **Recommended**

        1. Install authenticator app (Google Authenticator, Authy, 1Password)
        2. Scan QR code
        3. Enter 6-digit code
        4. Save backup codes
      </Tab>

      <Tab title="SMS">
        **Alternative**

        1. Enter phone number
        2. Receive verification code via SMS
        3. Enter code
        4. Save backup codes
      </Tab>
    </Tabs>
  </Step>

  <Step title="Save Backup Codes">
    **Important:** Store backup codes securely

    ```
    XXXX-XXXX-XXXX
    XXXX-XXXX-XXXX
    XXXX-XXXX-XXXX
    ```

    Use a backup code if you lose access to your 2FA device.
  </Step>

  <Step title="2FA Enabled">
    Required on every login
  </Step>
</Steps>

### Using 2FA

**Login flow with 2FA:**

1. Enter email and password
2. Prompted for 6-digit code
3. Open authenticator app
4. Enter current code
5. Logged in

**Trusted devices:**

* Optionally mark device as trusted
* Skip 2FA for 30 days on that device
* Can revoke trust anytime

***

## SAML 2.0 SSO (Enterprise)

SAML 2.0 single sign-on is available on the Enterprise plan.

### Supported Identity Providers

* **Okta**
* **Azure AD**
* **Google Workspace**
* **OneLogin**
* **Auth0**
* **JumpCloud**
* Custom SAML 2.0 providers

### SAML Setup

<Steps>
  <Step title="Contact Sales">
    SAML SSO requires Enterprise plan

    Email: [sales@statusstack.com](mailto:sales@statusstack.com)
  </Step>

  <Step title="Configure IdP">
    In your identity provider:

    ```yaml
    ACS URL: https://statusstack.com/saml/acs
    Entity ID: https://statusstack.com
    Name ID Format: Email Address
    ```
  </Step>

  <Step title="Provide Metadata">
    Share SAML metadata XML with StatusStack:

    * IdP Entity ID
    * SSO URL
    * Signing Certificate
  </Step>

  <Step title="Configure StatusStack">
    StatusStack team configures:

    * SAML endpoint
    * Attribute mapping
    * Domain verification
    * JIT provisioning (optional)
  </Step>

  <Step title="Test Connection">
    Test SSO flow:

    1. Visit statusstack.com/login
    2. Enter work email
    3. Redirect to IdP
    4. Authenticate
    5. Return to StatusStack
  </Step>
</Steps>

### Just-in-Time (JIT) Provisioning

**Auto-create accounts on first login:**

```yaml
SAML Attributes Mapping:
  Email: email
  First Name: firstName
  Last Name: lastName
  Department: department
  Role: role (optional)

JIT Settings:
  Auto-create users: Yes
  Default team: Automatically assigned
  Default role: Member
```

**Benefits:**

* No manual user creation
* Automatic onboarding
* Consistent with IdP

***

## Session Management

### Session Duration

**Default session length:**

* Web: 7 days (with activity)
* Mobile: 30 days
* API tokens: No expiration (revocable)

**Extend or reduce:**

* Enterprise: Configure custom session duration
* Security → Session Settings

### Active Sessions

**View and manage sessions:**

Dashboard → **Settings** → **Security** → **Active Sessions**

```
Device: Chrome on macOS
Location: San Francisco, CA
Last Active: 5 minutes ago
[Revoke]

Device: Safari on iPhone
Location: San Francisco, CA
Last Active: 2 hours ago
[Revoke]
```

**Revoke suspicious sessions immediately**

***

## Security Best Practices

<AccordionGroup>
  <Accordion title="Use Strong Passwords">
    **Requirements:**

    * 12+ characters
    * Mix of uppercase, lowercase, numbers, symbols
    * Unique (not reused elsewhere)
    * Use a password manager
  </Accordion>

  <Accordion title="Enable 2FA">
    **Mandatory for:**

    * Organization owners
    * Admins
    * Users with access to production Stacks

    **Recommended for:** Everyone
  </Accordion>

  <Accordion title="Use SSO (Enterprise)">
    **Benefits:**

    * Centralized authentication
    * Automatic deprovisioning
    * Enforced security policies
    * Audit logging
  </Accordion>

  <Accordion title="Review Active Sessions">
    **Monthly:**

    * Review active sessions
    * Revoke unknown devices
    * Check login locations
    * Verify login times
  </Accordion>

  <Accordion title="Monitor Login Activity">
    **Authentication logs track:**

    * Successful logins
    * Failed attempts
    * Password changes
    * 2FA events
    * OAuth connections

    Available: **Settings** → **Security** → **Login History**
  </Accordion>
</AccordionGroup>

***

## Troubleshooting

### Can't Login

**Issue:** "Invalid credentials" error

**Check:**

1. Email address is correct
2. Password is correct (case-sensitive)
3. Account is verified (check email)
4. Account is not locked

**Solutions:**

* Reset password
* Check spam folder for verification email
* Contact support if account locked

### 2FA Code Not Working

**Issue:** "Invalid code" error

**Check:**

1. Clock on device is synchronized
2. Entering current code (refreshes every 30s)
3. Using correct authenticator app

**Solutions:**

* Use backup code
* Disable and re-enable 2FA
* Contact support for 2FA reset
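
The clock and 30-second checks above matter because an authenticator code is derived from the current time step. The following is an added example, not StatusStack's code: it computes 6-digit codes per RFC 6238 and reports how many steps a device clock is off. HMAC-SHA1, the one-step tolerance window and the function names are assumptions; the secret is the RFC 6238 test key and the timestamp is constructed.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid (from this page)
DIGITS = 6   # code length (from this page)


def totp(secret_b32, unix_time):
    """RFC 6238 code for a moment in time (HMAC-SHA1 is an assumption)."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(unix_time) // STEP
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def matching_step(secret_b32, code, server_time, search):
    """Return the step offset (0 = in sync) whose code matches, else None."""
    for n in sorted(range(-search, search + 1), key=abs):
        t = server_time + n * STEP
        if t >= 0 and hmac.compare_digest(totp(secret_b32, t), code):
            return n
    return None


def verify(secret_b32, code, server_time, window=1):
    """Server-side check: tolerate at most `window` steps of clock drift."""
    return matching_step(secret_b32, code, server_time, window) is not None


if __name__ == "__main__":
    secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC 6238 test key, not a real secret
    server_now = 150                              # constructed timestamp
    for skew in (0, 25, -30, -90):                # device clock error in seconds
        code = totp(secret, server_now + skew)
        print(skew, code, verify(secret, code, server_now),
              matching_step(secret, code, server_now, search=5))
```

A device that is 90 seconds behind produces a code three steps old, which a one-step window rejects; resynchronizing the device clock fixes it without resetting 2FA.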

### OAuth Login Failing

**Issue:** "Error connecting to \[Google/Microsoft]"

**Check:**

1. Pop-ups are allowed
2. Third-party cookies enabled
3. Not using private/incognito mode

**Solutions:**

* Allow pop-ups for statusstack.com
* Try different browser
* Use email/password instead

### SAML Not Working

**Issue:** "SAML authentication failed"

**Check:**

1. SAML is configured for your domain
2. IdP metadata is current
3. Certificates not expired

**Solutions:**

* Contact your IT administrator
* Email [support@statusstack.com](mailto:support@statusstack.com) with:
  * Organization name
  * Email address
  * Screenshot of error
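
A pre-flight check for the items named in "Provide Metadata" and in the checks above (IdP Entity ID, SSO URL, signing certificate, metadata freshness), as an added example that is not StatusStack's code. The function name, the https check and the sample metadata are assumptions; `idp.example.com` and the certificate text are placeholders, and certificate expiry itself is not parsed here.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed IdP metadata with two deliberate faults: stale validUntil, http SSO URL.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.com/saml" validUntil="2024-01-01T00:00:00Z">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-BASE64-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Location="http://idp.example.com/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def check_idp_metadata(xml_text, now=None):
    """Return a list of problems found in IdP metadata before it is shared."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    idp = root.find(MD + "IDPSSODescriptor")
    if root.tag != MD + "EntityDescriptor" or idp is None:
        return ["not IdP metadata: no EntityDescriptor/IDPSSODescriptor"]
    problems = []
    if not root.get("entityID"):
        problems.append("missing IdP Entity ID")
    valid_until = root.get("validUntil")  # optional attribute, UTC when present
    if valid_until:
        expiry = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
        if expiry <= now:
            problems.append("metadata expired (validUntil %s)" % valid_until)
    sso = [s.get("Location", "") for s in idp.findall(MD + "SingleSignOnService")]
    if not sso:
        problems.append("missing SSO URL")
    problems += ["SSO URL is not https: " + u for u in sso if not u.startswith("https://")]
    certs = [c.text for k in idp.findall(MD + "KeyDescriptor")
             if k.get("use") in (None, "signing")  # no "use" means any purpose
             for c in k.iter(DS + "X509Certificate") if (c.text or "").strip()]
    if not certs:
        problems.append("missing signing certificate")
    formats = [f.text.strip() for f in idp.findall(MD + "NameIDFormat") if f.text]
    if formats and EMAIL_FORMAT not in formats:  # page asks for Email Address
        problems.append("email NameID format not offered")
    return problems
```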

***

## Next Steps

<CardGroup cols={2}>
  <Card title="Security Settings" icon="shield" href="/account/security">
    Configure security settings
  </Card>

  <Card title="Team Management" icon="users" href="/account/team-management">
    Invite team members
  </Card>

  <Card title="Subscription Plans" icon="credit-card" href="/account/subscription-plans">
    Compare plans
  </Card>
</CardGroup>
