Let users sign in the way they prefer. Password sign-in is enabled by default for simplicity. Add email OTP for passwordless login, or OAuth with GitHub and Google for convenience.

Overview

Access Portal Authentication from Admin → Settings → Portal Authentication. Control which sign-in methods appear on your feedback portal.

Portal Authentication controls portal user sign-in (customers submitting feedback). For team member authentication (employees managing feedback), see Security.

Enable anonymous voting

Let visitors vote on feedback posts without creating an account. Anonymous voting removes friction for users who want to show support but don't want to sign up.

By default, anonymous voting is enabled. Find the toggle at Admin → Settings → Portal Authentication → Anonymous Voting. This setting applies to both the portal and the embeddable widget.

When a visitor casts their first anonymous vote, a browser session is created transparently. The visitor doesn't see a sign-in form or any interruption - their vote registers instantly.

Anonymous votes are rate-limited to 50 votes per IP address per hour to prevent abuse.

When an anonymous visitor later creates an account, their votes are linked to the new account automatically. No votes are lost during the transition.

Disable anonymous voting

Turn off anonymous voting when you need to require accounts for all voting - for example, if you want every voter identifiable or you need to send status update notifications to all voters.

Go to Admin → Settings → Portal Authentication
Toggle Anonymous Voting off
Visitors will now see a sign-in prompt when they try to vote

Disabling anonymous voting doesn't delete existing anonymous votes. Those votes still count toward totals.

Authentication Methods

Password

Allow users to sign in with their email and password.

How it works: User enters email + password → signed in
Best for: Familiar sign-in experience, self-hosted deployments
Enabled by default: Yes
Password requirements: 8-128 characters

Users can reset their password through a forgot password flow that sends a verification code to their email.

Email OTP (Magic Link)

Allow users to sign in using magic link codes sent to their email.

How it works: User enters email → receives 6-digit code → enters code to sign in
Best for: Passwordless login, maximum simplicity
Enabled by default: No

When both Password and Email OTP are enabled, users can switch between methods on the sign-in form.

GitHub

Allow users to sign in using their GitHub accounts.

How it works: User clicks "Continue with GitHub" → authorizes access → signed in
Best for: Developer-focused products
Enabled by default: Yes

Google

Allow users to sign in using their Google accounts.

How it works: User clicks "Continue with Google" → authorizes access → signed in
Best for: Consumer products, business tools
Enabled by default: Yes

Enable/Disable Methods

Navigate to Admin → Settings → Portal Authentication
Toggle each method on or off using the switches
Changes save automatically

At least one authentication method must remain enabled. The last enabled method shows a lock icon and cannot be disabled.

Best Practices

Choose methods

Consider your user base when selecting authentication methods:

Most deployments → Keep Password enabled (default)
Developer products → Enable GitHub
Business products → Enable Google
Passwordless preference → Enable Email OTP

Security Recommendations

Enable multiple methods - Provides fallback if one method has issues
Keep Password enabled - Ensures all users can access the portal regardless of OAuth provider availability

User Experience

Fewer options = simpler sign-in experience
More options = greater accessibility
Find the right balance for your users

Access Control

Only Admins can modify portal authentication settings.

Role	Can View	Can Modify
Admin	Yes	Yes
Member	No	No

Next Steps

Team Members - Manage your team and their authentication
Boards - Organize your feedback