User Authentication – Softr Help Docs

When you first create your app, one of the first things you will want to do is define if and how users should be authenticated to your app. Depending on your app use case, you may want to restrict signup to your app or disable login altogether. The User Authentication tab is where you can adjust numerous options to customize how your users join, login to, and interact with your app

Authentication settings

User Authentication is heavily tied to Utility Pages. The settings you define in User Authentication will determine the utility pages that are generated for your app. For instance, if you choose to disable user login to your app, neither a sign-up or log-in page will be added to your app. You can change this at any point, even if your app has already been published.

To access the User Authentication tab, first click on the Users menu in Softr Studio, then select the Authentication tab.

In Softr Studio, select the Users menu, then the Authentication tab.

In this tab, you have several options at your disposal to customize how users are authenticated:

Login

Here, you have a simple toggle to tell Softr if user login functionality should be enabled. This setting will determine all of the settings below it. If you have this enabled, your Softr app will function as an actual web app, allowing account creation and user login. If it is disabled, your Softr app will function more like a landing page or website, with no ability to create or log in to your account.

Enabled - Your app will function like an actual web app, with the ability to log in and create accounts.

Disabled - Your app will function more like a landing page or website, with no ability to create or log in to your account.

This login option has two toggles, one for enabled and one for disabled.

Authentication method

If you have Login enabled, you will see an option to define how your users will be logging in. Again, here, you have several options and can enable as few or as many as you like.

Email

This type of authentication is considered standard. You can turn it off only if another method of authentication is enabled.

Clicking on the gear icon will reveal a pop-up where you can customize how a user will use their email for the login. Here, you can toggle whether to let users sign in with a password or one-time code. You must choose at least one option.

Additionally, you can click on the arrows to customize the various messages, placeholders, email labels, and even password strength and the length of time the one-time code is valid.

Furthermore, if you have both the Password and One-time code options enabled, you can choose to let them log in using either method (i.e. password OR one-time code) or you can require they use both methods to login (password AND one-time code) for a full two-factor authenticated log-in (2FA/MFA).

Enable password and one-time code options to access 2FA capability.

SSO

Single sign-on (SSO) is also available as a Log in method. Softr is compatible with SAML and OpenID configurations. More about using SSO is available for SAML and OpenID. You can also combine SSO with other login methods as well and direct various users to different sign-in methods based on their email domain.

📌

This feature is available on Enterprise plans and as a paid add-on for the Business plan. See pricing.

Toggling on SSO gives access to the SSO setup modal, where you can setup your configuration.

Google Sign-in

You can also let your users sign up and log in using their Google accounts. Toggling this option on will open the configuration panel for setting up Google Sign-in. For more detailed information on how to set this up, please check out this help article. Softr’s Google Sign-in feature also works with Google Workspace and Google Classroom if your Google admins allow this functionality.

Magic Links

ℹ️

Tip: You don’t need Magic links to send out a new user invitation. See our Use Cases section below to learn more.

Magic links provide a permanent, pre-authenticated link for you or your users to log in. This can be great for viewing your app as specific users or quickly getting your users into their account, however you should use magic links with caution - they are as good as an email and password. Anyone who has the link can log in as that user. When enabling magic links, you’ll be asked to confirm that you understand these risks. More info on magic links can be found here.

Confirm you understand the risks in order to use magic links.

Sign Up

In the Sign-Up section, you can control whether people should be able to sign up on their own. You have 3 options here:

Disabled - Only people you add manually to Softr or your data source will have an account and can sign in. No sign-up utility page will be added to your app.

Open - A sign-up utility page will be added to your app, and anyone with a link to your Softr app can join as a user.

Domain restricted - You can allow public sign-up, but only from emails with a specific domain. Selecting this option will create a sign up utility page in your app. You will also be prompted to provide a list of allowed domains, with each domain separated by a comma.

Security

In the Security section, you have a few options to ensure your Softr app’s security aligns with your company or team’s requirements.

Log user out - Choose how much time should pass before a user is required to log in again. This happens whether a user currently has the app open in a browser or not.

End session if idle - Choose how long the Softr app should be open and idle in a browser before logging out. This happens only when the user is logged in and has the app open in a browser, and is not actively using the app.

Select options for when and how often users should be automatically logged out.