Skip to content

Account Settings

Estimated time to read: 3 minutes

Inviting Team Members

You can invite Team Members to an account from the App Dashboard. Click on Team Members in the User menu (top right), then select Add Team Member.

Once you've added a Team Member, an invitation email will be sent to the provided email address.

  • If the email address is already registered, the invite will include a link to the login page. After logging in, the Team Member can choose which account to access.
  • If the email address is not yet registered, the invite will include a link to create an account.

Multi-account access

Users can be added to multiple accounts. To do this, simply invite the existing user's email address from another account. This will give the user access to both accounts, allowing them to switch between them as needed.

Delivery Status Notifications

We support receiving Delivery Status Notifications (DSNs) for Bounced emails. You can enable this feature on the Account Settings page within the app Dashboard.

If enabled, DSNs will be sent for bounced emails. The recipient of these DSNs can be configured account wide or on the domain level.

Two-Factor Authentication

Two-Factor Authentication (2FA) can be enabled at the user level. To set it up, go to the Profile Settings page in the App Dashboard, and click Enable 2FA.

Enforcing Two-Factor Authentication

Account Administrators can require all Team Members to use Two-Factor Authentication (2FA). To enforce 2FA, go to the Account Settings page and enable Enforce Two-Factor Authentication.

Enforcement can only be enabled after the user has activated 2FA on their own account.

OpenID Connect SSO

OpenID Connect Single Sign-On (SSO) allows your Team Members to log in using your organization's existing identity provider—such as Microsoft Entra ID (Azure AD), Google Workspace, Authentik, Zitadel or Okta.

Configuring Single Sign-On

As the Account Owner, go to the App Dashboard, open Account Settings, and scroll down to the OpenID Connect SSO section.

Check Enable OpenID Connect SSO to begin the configuration. You'll need the following details from your Identity Provider:

  • Configuration Type: Choose the authentication method—PKCE (recommended) or Client Credentials.
  • Domain: A comma-separated list of email domains associated with your Identity Provider (e.g., yourcompany.com). This helps match users during login.
  • Issuer URL: The base URL from your Identity Provider (e.g., https://iam.company.com).
  • Client ID: Provided by your Identity Provider.
  • Client Secret: Also provided by your Identity Provider.
  • Requested Scopes: A space-separated list of scopes (e.g., openid email profile). Defaults will be used if left blank.
  • Authorization Endpoint: e.g., https://iam.company.com/oauth/v2/authorize.
  • Token Endpoint: e.g., https://iam.company.com/oauth/v2/token.
  • Userinfo Endpoint: e.g., https://iam.company.com/oauth/v2/userinfo.
  • JWKS URI: e.g., https://iam.company.com/oauth/v2/keys.

After saving, the configuration will be validated and activated if the validation is successful.

After activating Single Sign-On

Once OIDC is activated, only users you've explicitly added as Team Members can access the account—and they must sign in through your Identity Provider (IdP). Their regular login credentials will no longer work.

The Account Owner is the only one who can still bypass the IdP, log in using regular credentials and request a password reset.

If a Team Member attempts to sign in via the standard login form or request a password reset, access will be denied, and they will be instructed to use the SSO login instead.

Troubleshooting SSO

For Microsoft Entra ID make sure that Allow public client flows is enabled, and the platform is set to Mobile and desktop applications (not Web or Single).