Email (OTP) Authentication
Firezone supports email authentication using a one-time password (OTP).
This provider is enabled by default for all plans and is designed to get you up and running with Firezone quickly. For production deployments, we recommend setting up Universal OIDC, Google, Entra, or Okta authentication for a more seamless user experience and improved security.
Firezone's OTP-based email authentication provider sends a one-time password to the user's email each time authentication is requested. This password is short-lived and can only be used to authenticate once.
Users and groups must be managed manually with the Email / OTP provider. See the Google, Entra, or Okta guides for setting up automated user and group management with those providers.
Disabling email authentication
The email authentication provider can be disabled completely for your account, forcing all users and admins to authenticate with another provider. This can increase security by reducing the number of potential entrypoints into your Firezone account.
To do so, navigate to Settings -> Identity providers, select the Email
provider in the list, and then click Disable in the upper-right.
Disabling the email provider can lead to issues signing in if all of your other providers stop working. For that reason, you may want to leave the email authentication provider enabled with at least one admin assigned for recovery purposes.
Need additional help?
See all support options or try asking on one of our community-powered support channels:
- Discussion forums: Ask questions, report bugs, and suggest features.
- Discord server: Join discussions, meet other users, and chat with the Firezone team
- Email us: We read every message.