Set Up Authentication
Every Priiism project can have its own authentication system powered by Auth0. When you enable identity on a project, your deployed app gets a fully managed login flow — email/password, social login, multi-factor authentication, and a user management dashboard — with no code required.
Prerequisites
- A Priiism project (any plan)
- The project must be deployed at least once (authentication requires a public callback URL)
Step 1: Open the Identity Panel
From your project workspace, open the identity panel using one of these methods:
- Keyboard shortcut: Press Cmd+I (Mac) or Ctrl+I (Windows/Linux)
- Layout switcher: Click the identity icon in the layout mode bar
- Settings: Navigate to project settings and select the Identity tab
The identity panel has four tabs: Overview, Users, Auth Methods, and Settings.
Step 2: Provision Identity
On the Overview tab, click Provision Identity. This creates a dedicated Auth0 SPA (Single Page Application) for your project. Provisioning takes a few seconds and configures:
- An Auth0 application with your project’s deploy URL as the allowed callback
- A default email/password authentication connection
- Secure token handling with PKCE (Proof Key for Code Exchange)
Once provisioned, the Overview tab displays your identity configuration:
| Field | Description |
|---|---|
| Domain | Your Auth0 tenant domain (e.g., auth.priiism.ai) |
| Client ID | The public identifier for your Auth0 application |
| Callback URLs | Allowed redirect URLs after login (auto-configured from your deploy URL) |
| Logout URLs | Allowed redirect URLs after logout |
Step 3: Configure Auth Methods
Switch to the Auth Methods tab to enable or disable login options for your users.
Email/Password (Default)
Enabled by default. Users create an account with their email address and a password. Auth0 enforces password complexity rules (minimum 8 characters, requires uppercase, lowercase, and a number).
Google Social Login
Click Enable Google to allow users to sign in with their Google account. No additional configuration is needed — Priiism uses a shared Google OAuth application. Users see “Sign in with Google” on the login page.
GitHub Social Login
Click Enable GitHub to allow users to sign in with their GitHub account. This is useful for developer-facing applications. Users see “Sign in with GitHub” on the login page.
Magic Link
Click Enable Magic Link to allow passwordless login via email. Users enter their email address and receive a one-time login link. The link expires after 5 minutes.
Step 4: Configure MFA (Multi-Factor Authentication)
In the Auth Methods tab, scroll to the MFA section. Choose an MFA policy:
| Policy | Behavior |
|---|---|
| None | MFA is not required or offered |
| Optional | Users can opt in to MFA from their account settings |
| Required | All users must enroll in MFA on their next login |
MFA Methods
When MFA is enabled (optional or required), users can choose from:
- Email OTP — A one-time code sent to the user’s email address
- TOTP (Authenticator App) — Works with Google Authenticator, Authy, 1Password, and other TOTP apps. Users scan a QR code to enroll.
- SMS — A one-time code sent via text message. Requires a valid phone number.
For healthcare and enterprise applications, we recommend setting MFA to Required with TOTP as the primary method.
Step 5: Configure Session Settings
Switch to the Settings tab to adjust session behavior.
Session Lifetime
How long a user’s session remains valid, regardless of activity. Range: 1 to 8,760 hours (1 year). Default: 168 hours (7 days).
Idle Timeout
How long a session can be inactive before requiring re-authentication. This is useful for applications that handle sensitive data. Set a shorter idle timeout (1-4 hours) for healthcare or financial applications.
Step 6: Test Authentication
After configuring identity:
- Deploy your project (if you haven’t since enabling identity)
- Visit your deployed app URL
- You should be redirected to the Auth0 login page
- Create a test account or sign in with a social provider
- After login, you should be redirected back to your app
If the login page doesn’t appear, check that your deploy URL matches the callback URLs shown on the Overview tab.
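One way to run that check is to compare the deploy URL against each allowed callback and report which component differs. This is an added example, not part of Priiism. It assumes callback URLs are matched as exact strings, and all URLs in it are constructed samples.

```javascript
// Assumption: redirect URIs are compared as exact strings, so a scheme
// change or a trailing slash counts as a mismatch.
const COMPONENTS = [
  ["scheme", "protocol"],
  ["host", "hostname"],
  ["port", "port"],
  ["path", "pathname"],
  ["query", "search"],
];

function diagnoseCallback(deployUrl, allowedCallbacks) {
  const target = new URL(deployUrl);
  const findings = [];
  for (const entry of allowedCallbacks) {
    if (entry === deployUrl) return { match: true, entry, findings: [] };
    let allowed;
    try {
      allowed = new URL(entry);
    } catch {
      findings.push({ entry, reasons: ["not an absolute URL"] });
      continue;
    }
    const reasons = COMPONENTS
      .filter(([, key]) => allowed[key] !== target[key])
      .map(([label, key]) => `${label}: allowed "${allowed[key]}", deployed "${target[key]}"`);
    // Every parsed component is equal, yet the raw strings are not.
    if (reasons.length === 0) {
      reasons.push("raw strings differ only by normalization (trailing slash or letter case)");
    }
    findings.push({ entry, reasons });
  }
  return { match: false, entry: null, findings };
}

// Constructed sample values, not taken from a real project.
const DEPLOYED = "https://my-app.example.com/callback";
const ALLOWED = [
  "http://my-app.example.com/callback",
  "https://my-app.example.com/callback/",
  "https://MY-APP.example.com/callback",
];
const REPORT = diagnoseCallback(DEPLOYED, ALLOWED);
for (const f of REPORT.findings) console.log(f.entry, "->", f.reasons.join("; "));
```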
User Management
The Users tab provides a dashboard for managing your project’s users.
Viewing Users
The user list shows all registered users with their email, login method, last login date, and status (active or blocked).
Managing Individual Users
Click on a user to:
- Block/Unblock — Blocked users cannot log in. Their existing sessions are invalidated.
- Reset Password — Sends a password reset email to the user. Only available for email/password users.
- Delete — Permanently removes the user account. This action cannot be undone.
Inviting Users
Click Invite User to send an email invitation. Enter the recipient’s email address and they will receive a link to create an account. Invitations expire after 7 days.
Exporting Users
Click Export CSV to download a spreadsheet of all users. The export includes: email, name, login method, signup date, last login, and status. This is useful for compliance audits and user analytics.
Next Steps
- Enterprise SSO Setup — Connect Okta or Microsoft AD for enterprise single sign-on
- Team Access & Permissions — Manage team members and roles
- Healthcare Authentication — HIPAA-compliant auth patterns for healthcare apps