Authentication and MFA

Organizations can implement org-wide authentication methods within StackAI to ensure authentication method stays consistent across business teams and StackAI projects.

Workspace sign-in methods

By default, when you invite a new user to access to StackAI workspace, the user will receive an email inviting them to access their account and set up a password. You could also set up SSO in "SSO Settings" page and standardize how users join your organization.

Default role for SSO users

By default, newly provisioned SSO users start as User. Admins can promote them at any time.

See Role-Based Access Controls (RBAC) and Groups for role definitions and common patterns.

Require SSO for published interfaces

You can require SSO for all interfaces. This prevents access from users outside your organization.

Multi-factor authentication (MFA)

MFA adds a second verification step for sign-in. Once enabled, MFA is mandatory org-wide.

MFA applies to password-based authentication. If you use SSO, MFA is typically enforced in your IdP.

Enable MFA

Troubleshooting

Users can’t access a published interface after enabling “Require SSO for all interfaces”

Check these first:

• The user is signing in with a company email in your IdP.

• The user is assigned to the StackAI app in the IdP.

• The interface URL is the same one you tested (no old links).