Runwork
All Features

Authentication

Multi-layer access control built in

OAuth with GitHub and Google, email/password authentication, session management, and fine-grained permissions. Security infrastructure you don't have to build.

What Authentication gives you

OAuth Providers

Sign in with GitHub or Google. Familiar flows users already trust.

Email/Password

Traditional authentication for users who prefer it.

Session Management

Secure sessions with refresh tokens. Automatic expiration and renewal.

Permission System

Fine-grained permissions beyond just roles. Grant or deny specific actions.

Account Security

Password hashing, login attempt tracking, and account lockout protection.

Why Authentication matters

How Authentication works

Authentication in Runwork provides enterprise-grade identity management without building anything from scratch. OAuth with GitHub and Google, traditional email/password, session management, and fine-grained permissions. All the security infrastructure your apps need is built in and ready to use.

User authentication flows are pre-built. Add "sign in with Google" or "sign in with GitHub" to your apps without configuring OAuth providers yourself. Traditional email/password authentication is also available for users who prefer it. Sessions are managed securely with refresh tokens, automatic expiration, and renewal, so no custom session handling is required.

The permission system goes beyond simple roles. Grant or deny specific permissions per user or per group across everything your team runs on Runwork: apps, integrations, workflows, schedules, data entities, file storage, agents, API keys, public endpoints, and logs. An Editor can gain an extra ability, a Viewer can be restricted further, and a contractor group can be limited to exactly the apps and data they need, all without changing anyone's base role. Teams and workspaces provide additional organizational layers for access control.

Security features protect accounts by default. Passwords are hashed with modern algorithms, login attempts are tracked to prevent brute force attacks, and accounts can be locked after suspicious activity. Audit logs track authentication events for compliance and security monitoring.

Frequently Asked Questions

What authentication methods does Runwork support?
Runwork supports OAuth with GitHub and Google for social login, plus traditional email/password authentication. Sessions are managed automatically with secure refresh tokens, expiration, and renewal. You can offer users multiple authentication options without building any auth infrastructure yourself.
How does the permission system work?
Permissions are fine-grained. Beyond basic roles, you can grant or deny specific permissions per user or per group across every Runwork primitive: workspace management, members, apps, integrations, workflows, schedules, data entities, file storage, agents, API keys, public endpoints, and logs. Explicit denies always win over grants, so exceptions are safe to express in both directions.
Is account security built in?
Yes. Passwords are hashed with modern algorithms, login attempts are tracked to prevent brute force attacks, and suspicious activity can trigger account lockouts. Authentication events are logged in audit logs for security monitoring and compliance.
Can I build multi-tenant apps with different user bases?
Yes. Workspaces provide isolation between tenants, each with their own users and permissions. Within a workspace, teams organize users into groups with shared access levels. This enables complex multi-tenant architectures without custom auth logic.

Use Cases

User sign-up flows Team access control Multi-tenant apps Secure admin panels

Related Features

See How Teams Use Authentication

Ready to try Authentication?

Try the work cloud for AI agents.