Skip to content
Manako Docs

Security Settings

Social Login (OAuth)

Section titled “Social Login (OAuth)”

You can log in using your Google or GitHub account.

Connecting an OAuth Account

Section titled “Connecting an OAuth Account”

You can connect Google or GitHub to your existing email/password account.

  1. Open security settings

    Select “Security” from the user menu in the top-right corner of the dashboard.

  2. Check connected accounts

    The “Connected Accounts” section shows your currently connected providers.

  3. Connect a new provider

    Click the “Connect” button for an unconnected provider and complete the authentication.

Disconnecting an OAuth Account

Section titled “Disconnecting an OAuth Account”

You can disconnect a connected provider. However, disconnecting is not allowed in the following case:

  • You have no password set and only one OAuth provider connected

Multi-Factor Authentication (MFA)

Section titled “Multi-Factor Authentication (MFA)”

Enabling multi-factor authentication (MFA) requires an authenticator app code in addition to your password when logging in. We recommend enabling MFA to prevent unauthorized access to your account.

Enabling MFA

Section titled “Enabling MFA”

  1. Open security settings

    Select “Security” from the user menu in the top-right corner of the dashboard.

  2. Enable MFA

    Click “Enable MFA” and enter your current password.

  3. Scan the QR code

    Scan the displayed QR code with an authenticator app (Google Authenticator, Authy, 1Password, etc.). A secret code for manual entry is also displayed.

  4. Enter the verification code

    Enter the 6-digit code shown in your authenticator app to complete the setup.

  5. Save your recovery codes

    10 recovery codes will be displayed. Save them in a secure location, as they are needed if you lose access to your authenticator app. These codes will not be shown again after you close this screen.

Logging in with MFA

Section titled “Logging in with MFA”

With MFA enabled, you will be prompted to enter a 6-digit authentication code after entering your password at login. Enter the code displayed in your authenticator app.

If you cannot access your authenticator app, click the “Use a recovery code” link to log in with one of your saved recovery codes.

Managing MFA

Section titled “Managing MFA”

Regenerating Recovery Codes

Section titled “Regenerating Recovery Codes”

Select “Regenerate recovery codes” in the security settings to issue new codes. All existing codes will be invalidated.

Disabling MFA

Section titled “Disabling MFA”

Select “Disable MFA” in the security settings and enter your password to confirm.

Team MFA Enforcement

Section titled “Team MFA Enforcement”

Team Owners can enforce MFA for all team members.

  1. Open team settings

    Go to the “Team Settings” page in the dashboard.

  2. Enable the MFA policy

    Turn on the “Require MFA for team members” toggle. If the Owner’s own MFA is not enabled, they must set up their own MFA first.

  3. Impact on members

    Members who have not set up MFA will be unable to access the dashboard until they complete MFA setup at their next login.

Resetting a Member’s MFA

Section titled “Resetting a Member’s MFA”

If a member loses access to their authenticator app and recovery codes, the Owner can reset that member’s MFA from the member list in team settings. After the reset, the member can log in with just their password and set up MFA again.