Authentication and access control
Authentication
Interval actions for an organization can only be accessed through the Interval dashboard for that organization.
Interval currently supports the following authentication schemes:
- Email/password
- Sign in with Google
- SSO
You can sign up or log in with email or Google here. If you'd like SSO to be enabled for your organization, contact us.
As a developer, you don't need to do any additional work to enable authentication for your actions. Just provide an Interval API key for your organization when instantiating the Interval class.
Multi-factor authentication
Interval supports multi-factor authentication (MFA), also known as two-factor authentication, for added account security. MFA can be enabled for individual user accounts and can optionally be enforced for everyone in your organization.
Before using MFA, you will need an app that supports generating one-time passwords (OTP).
For iOS/macOS users we recommend StepTwo. If you are already a 1Password user, you can use 1Password to generate these.
To enable MFA:
- Visit your account settings page in the Interval dashboard.
- Scroll to the section labeled "Multi-factor authentication."
- Click "Enable MFA" and follow the remaining prompts.
As the owner of an organization, you can enforce that all users in your organization have MFA enabled. To enforce MFA:
- Visit the settings page for your organization.
- Click the "Security" tab
- Check the box labeled "Require Multi-factor authentication."
caution
Be aware that requiring MFA for your organization will immediately interrupt all logged in users and prompt for them to enabled it.
Roles
Members of your organization can be assigned one of three roles. Roles determine which functionality users have access to.
- Admins can do everything, including managing users, teams, Live mode API keys, and environments.
- Developers can run actions in Live mode and develop in Dev mode with their Personal Development Key. Developers cannot create Live mode API keys.
- Members can run actions in Live mode.
Roles are assigned on the Users page of the dashboard.
Permissions
By default, actions can be accessed by anyone in your organization.
For users on our Teams plan and higher, you can create Teams within your organization. Teams are groups of users. You might have teams for customer support, engineering, ops, and so on. Teams can be created on the Teams page in the Interval dashboard.
Once you've created teams in your organization, you can configure individual actions to be accessible only to members of specific teams.
Defining permissions in code
Permissions configuration is done entirely with code. Use the access
property when defining a new action to control which teams can access that action.
To assign access to specific teams, use the slug for each team, found on the Settings > Teams page.
Here's an example of restricting action access to a single team:
- TypeScript
- JavaScript
- Python Experimental
import { Action } from "@interval/sdk";
// everyone in the organization can run this action (default behavior)
export default new Action({
access: "entire-organization",
handler: async () => {
// your action code
},
});
import { Action } from "@interval/sdk";
// only the Support team can run this action
export default new Action({
access: {
// use the slug for each team, found on the Settings > Teams page
teams: ["support"],
},
handler: async () => {
// your action code
},
});
const { Action } = require("@interval/sdk");
// everyone in the organization can run this action (default behavior)
module.exports = new Action({
access: "entire-organization",
handler: async () => {
// your action code
},
});
const { Action } = require("@interval/sdk");
// only the Support team can run this action
module.exports = new Action({
access: {
// use the slug for each team, found on the Settings > Teams page
teams: ["support"],
},
handler: async () => {
// your action code
},
});
import os
from interval_sdk import Interval, IO
interval = Interval(
os.environ["INTERVAL_API_KEY"],
)
# everyone in the organization can run this action (default behavior)
@interval.action(access="entire-organization")
async def org_action(io: IO):
# your action code
pass
# only the Support team can run this action
@interval.action(access={"teams": ["support"]}) # use the slug for each team, found on the Settings > Teams page
async def sensitive_action(io: IO):
# your action code
pass
interval.listen()