Authentication

Multi-layer access control built in

OAuth with GitHub and Google, email/password authentication, session management, and fine-grained permissions. Security infrastructure you don't have to build.

Capabilities

OAuth Providers

Email/Password

Traditional authentication for users who prefer it.

Session Management

Secure sessions with refresh tokens. Automatic expiration and renewal.

Permission System

Fine-grained permissions beyond just roles. Grant or deny specific actions.

Account Security

Password hashing, login attempt tracking, and account lockout protection.

Use Cases

User sign-up flows Team access control Multi-tenant apps Secure admin panels

Why It Matters

Don't build auth from scratch. Use battle-tested infrastructure.
OAuth + email gives users choice
Fine-grained permissions for complex access requirements

How It Works

Authentication in Runwork provides enterprise-grade identity management without building anything from scratch. OAuth with GitHub and Google, traditional email/password, session management, and fine-grained permissions—all the security infrastructure your apps need is built in and ready to use.

User authentication flows are pre-built. Add "sign in with Google" or "sign in with GitHub" to your apps without configuring OAuth providers yourself. Traditional email/password authentication is also available for users who prefer it. Sessions are managed securely with refresh tokens, automatic expiration, and renewal—no custom session handling required.

The permission system goes beyond simple roles. Define exactly who can do what at a granular level: "users in the Sales team can view customers but only edit their own deals." Permissions integrate with entities, letting you control access to specific data types. Teams and workspaces provide additional organizational layers for access control.

Security features protect accounts by default. Passwords are hashed with modern algorithms, login attempts are tracked to prevent brute force attacks, and accounts can be locked after suspicious activity. Audit logs track authentication events for compliance and security monitoring.

Frequently Asked Questions

What authentication methods does Runwork support?

Runwork supports OAuth with GitHub and Google for social login, plus traditional email/password authentication. Sessions are managed automatically with secure refresh tokens, expiration, and renewal. You can offer users multiple authentication options without building any auth infrastructure yourself.

How does the permission system work?

Permissions are fine-grained and entity-aware. Beyond basic roles, you can define exactly who can perform which actions on which data types. For example: "Marketing team can view all customers but only edit campaigns they created." Permissions integrate with teams, workspaces, and the entity system.

Is account security built in?

Yes. Passwords are hashed with modern algorithms, login attempts are tracked to prevent brute force attacks, and suspicious activity can trigger account lockouts. Authentication events are logged in audit logs for security monitoring and compliance.

Can I build multi-tenant apps with different user bases?

Yes. Workspaces provide isolation between tenants, each with their own users and permissions. Within a workspace, teams organize users into groups with shared access levels. This enables complex multi-tenant architectures without custom auth logic.

Related Features

Teams Workspaces Compliance

See How Teams Use Authentication

Client Portals SaaS Teams Healthcare Teams

Ready to try Authentication?

Start vibe-coding with Runwork today.

Get Started Explore More Features