Configure team security
Protect your admin dashboard with the right level of security for your team. Use simple email magic links or require OAuth through GitHub or Google.
Overview
Team authentication controls how team members (admins and members) sign in to the admin dashboard. By default, email OTP, GitHub, and Google are all enabled.
Team authentication controls team member sign-in (employees managing feedback). For portal user authentication (customers submitting feedback), see Portal Authentication.
Team Sign-in Methods
Team members can sign in using the following methods:
Password
Allow team members to sign in with their email and password.
- How it works: User enters email + password → signed in
- Best for: Familiar sign-in experience
- Always available: Yes
Email OTP (Magic Link)
Allow team members to sign in using magic link codes sent to their email.
- How it works: User enters email → receives 6-digit code → enters code to sign in
- Best for: Teams who want passwordless login
- Always available: Yes
GitHub
Allow team members to sign in using their GitHub accounts.
- How it works: User clicks "Continue with GitHub" → authorizes access → signed in
- Best for: Developer teams already using GitHub
- Requires: GitHub OAuth app configured in environment
- Enabled by default: Yes
Google
Allow team members to sign in using their Google accounts.
- How it works: User clicks "Continue with Google" → authorizes access → signed in
- Best for: Teams using Google Workspace
- Requires: Google OAuth credentials configured in environment
- Enabled by default: Yes
OAuth Provider Setup
OAuth providers (GitHub, Google) require environment configuration:
GitHub
GITHUB_CLIENT_ID=your-client-id
GITHUB_CLIENT_SECRET=your-client-secret
Google
GOOGLE_CLIENT_ID=your-client-id
GOOGLE_CLIENT_SECRET=your-client-secret
See Environment Variables for complete configuration.
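A preflight check for the four OAuth variables above, added here as an example and not part of Quackback itself: it flags a provider whose ID/secret pair is only half set or still carries the placeholder values from this page. It assumes the variables live in a plain `KEY=value` env file; the function names and status labels are hypothetical.

```shell
#!/bin/sh
# Added example (not Quackback code). Assumes a plain KEY=value env file.

# Print the value of KEY ($2) from env file ($1); last assignment wins,
# one pair of surrounding quotes is stripped.
env_value() {
  sed -n "s/^$2=//p" "$1" | tail -n 1 |
    sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Classify one provider prefix ($2 = GITHUB or GOOGLE) in env file ($1).
# Prints: unset | incomplete | placeholder | configured
provider_status() {
  id=$(env_value "$1" "${2}_CLIENT_ID")
  secret=$(env_value "$1" "${2}_CLIENT_SECRET")
  if [ -z "$id" ] && [ -z "$secret" ]; then
    echo unset          # neither variable present
  elif [ -z "$id" ] || [ -z "$secret" ]; then
    echo incomplete     # half a credential pair
  elif [ "$id" = "your-client-id" ] || [ "$secret" = "your-client-secret" ]; then
    echo placeholder    # copied from the docs, never replaced
  else
    echo configured
  fi
}

# Report both providers; return 1 if any is incomplete or a placeholder.
check_oauth_env() {
  rc=0
  for p in GITHUB GOOGLE; do
    s=$(provider_status "$1" "$p")
    echo "$p: $s"
    case $s in incomplete|placeholder) rc=1 ;; esac
  done
  return $rc
}

# Constructed sample: GitHub keeps the doc placeholders, Google lacks its secret.
sample=$(mktemp)
cat > "$sample" <<'EOF'
GITHUB_CLIENT_ID=your-client-id
GITHUB_CLIENT_SECRET=your-client-secret
GOOGLE_CLIENT_ID=constructed-id.apps.example
EOF
check_oauth_env "$sample" || echo "fix the providers flagged above"
rm -f "$sample"
```

The script only reports that a variable is set or unset; it never prints the secret values, so its output is safe to keep in deployment logs.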
Best Practices
Multi-Factor Authentication
While Quackback doesn't have built-in MFA, you can achieve equivalent security by:
- Using OAuth providers that require MFA (GitHub, Google)
Principle of Least Privilege
- Review team member access regularly
- Only grant Admin role to those who need full settings access
Secure Defaults
For most teams, we recommend:
- Enable Email for backup access
- Enable one OAuth provider that matches your workflow (GitHub for devs, Google for business)
Next Steps
- Portal Authentication - Configure how portal users sign in
- Team Members - Manage your team