Skip to main content

Authentication and access control

Authentication

Interval actions for an organization can only be accessed through the Interval dashboard for that organization.

Interval currently supports the following authentication schemes:

  • Email/password
  • Sign in with Google
  • SSO

You can sign up or log in with email or Google here. If you'd like SSO to be enabled for your organization, contact us.

As a developer, you don't need to do any additional work to enable authentication for your actions. Just provide an Interval API key for your organization when instantiating the Interval class.

Multi-factor authentication

Interval supports multi-factor authentication (MFA), also known as two-factor authentication, for added account security. MFA can be enabled for individual user accounts and can optionally be enforced for everyone in your organization.

Before using MFA, you will need an app that supports generating one-time passwords (OTP).

For iOS/macOS users we recommend StepTwo. If you are already a 1Password user, you can use 1Password to generate these.

To enable MFA:

  1. Visit your account settings page in the Interval dashboard.
  2. Scroll to the section labeled "Multi-factor authentication."
  3. Click "Enable MFA" and follow the remaining prompts.

As the owner of an organization, you can enforce that all users in your organization have MFA enabled. To enforce MFA:

  1. Visit the settings page for your organization.
  2. Click the "Security" tab
  3. Check the box labeled "Require Multi-factor authentication."
caution

Be aware that requiring MFA for your organization will immediately interrupt all logged in users and prompt for them to enabled it.

Roles

Members of your organization can be assigned one of three roles. Roles determine which functionality users have access to.

  • Admins can do everything, including managing users, teams, Live mode API keys, and environments.
  • Developers can run actions in Live mode and develop in Dev mode with their Personal Development Key. Developers cannot create Live mode API keys.
  • Members can run actions in Live mode.

Roles are assigned on the Users page of the dashboard.

Permissions

By default, actions can be accessed by anyone in your organization.

For users on our Teams plan and higher, you can create Teams within your organization. Teams are groups of users. You might have teams for customer support, engineering, ops, and so on. Teams can be created on the Teams page in the Interval dashboard.

Once you've created teams in your organization, you can configure individual actions to be accessible only to members of specific teams.

Defining permissions in code

Permissions configuration is done entirely with code. Use the access property when defining a new action to control which teams can access that action.

To assign access to specific teams, use the slug for each team, found on the Settings > Teams page.

Here's an example of restricting action access to a single team:

routes/organization_action.ts
import { Action } from "@interval/sdk";

// everyone in the organization can run this action (default behavior)
export default new Action({
  access: "entire-organization",
  handler: async () => {
    // your action code
  },
});
routes/sensitive_action.ts
import { Action } from "@interval/sdk";

// only the Support team can run this action
export default new Action({
  access: {
    // use the slug for each team, found on the Settings > Teams page
    teams: ["support"],
  },
  handler: async () => {
    // your action code
  },
});
Did this section clearly explain what you wanted to learn?
On this page