Authentication

Create an account, sign in, or configure enterprise SSO for your organization.

Create a new ops0 account to get started.

Registration Form

Field	Requirements
Email	Valid email address (becomes your login)
Password	12+ characters, uppercase, lowercase, number, symbol
Full Name	Your display name
Organization	Company or team name

Password Requirements

Minimum 12 characters

Longer passwords are more secure

Mixed case required

At least one uppercase and lowercase

Number required

At least one digit (0-9)

Symbol required

At least one special character

Email Verification

After registering, check your inbox for a verification email. Click the link to activate your account. The link expires after 24 hours.

Email & Password

Standard login with your credentials

Google SSO

Microsoft SSO

Custom OIDC

Okta, Auth0, or any OIDC provider

Forgot Password

1Click Forgot Password on the login page

2Enter your email address

3Check your inbox for the reset link

4Set a new password (link expires in 1 hour)

Session Duration

Setting	Duration
Remember me checked	30 days
Remember me unchecked	24 hours
Idle timeout	2 hours of inactivity

SSO Configuration

Configure Single Sign-On for your organization using OIDC.

Built-in Providers

Google Workspace

One-click setup. No configuration required.

Microsoft Entra ID

Azure AD integration. No configuration required.

Custom OIDC Provider

For Okta, Auth0, or other OIDC providers:

Field	Description
Client ID	From your identity provider
Client Secret	From your identity provider
Issuer URL	OIDC discovery endpoint
Scopes	`openid profile email` (default)

OIDC Configuration Examples

Okta:

Issuer URL: https://your-org.okta.com
Client ID: 0oa1234567890abcdef
Scopes: openid profile email groups

Auth0:

Issuer URL: https://your-tenant.auth0.com
Client ID: abcd1234efgh5678ijkl
Scopes: openid profile email

Group Sync

Map identity provider groups to ops0 roles automatically.

How It Works

User logs in via SSO

ops0 reads group claims from the OIDC token

Matched groups assign corresponding ops0 roles

Example Mapping

IdP Group	ops0 Role
`ops0-admins`	Admin
`ops0-developers`	Developer
`ops0-viewers`	Viewer

SSO-Only Mode

Force all users to authenticate via SSO (disables email/password login).

Enable SSO-Only

Go to Settings → Security
Enable Require SSO for all users
Confirm the change

Before Enabling

Ensure at least one admin can login via SSO. You cannot disable SSO-only mode if locked out.

Troubleshooting

Email Already Registered

An account with this email already exists. Use forgot password if needed, or login with SSO if your organization uses it.

Verification Email Not Received

Check spam folder. Click "Resend verification" on the login page. Emails may take up to 5 minutes.

SSO Login Failed

Verify your email domain is associated with the organization. Contact your admin if you see "Organization not found".

Invalid Credentials

Check for typos. Use forgot password to reset. After 5 failed attempts, account locks for 15 minutes.

OIDC Callback Error

Verify redirect URI is configured correctly in your IdP. It must exactly match the ops0 callback URL.

Example: Setting Up Okta SSO

Okta Application Configuration

Application Type: OIDC - Web Application
Sign-in redirect URI: https://app.ops0.io/auth/callback
Sign-out redirect URI: https://app.ops0.io/logout
Scopes: openid, profile, email, groups

ops0 SSO Settings

Provider:      Custom OIDC
Issuer URL:    https://acme-corp.okta.com
Client ID:     0oa7x8y9z0a1b2c3d4e5
Client Secret: ••••••••••••••••
Group Claim:   groups

Result

SSO Configuration
─────────────────────────────────────
Provider:      Okta (Custom OIDC)
Status:        Active ✓
Domain:        acme-corp.com
Users:         47 authenticated via SSO
Last Login:    2 minutes ago

Group Mappings
─────────────────────────────────────
okta-ops0-admins     → Admin (3 users)
okta-ops0-devops     → Developer (28 users)
okta-ops0-readonly   → Viewer (16 users)