Authentication & Login
Secure access methods and authentication options for TelemetryOS
Authentication & Login
TelemetryOS supports modern, enterprise‑grade authentication so teams can choose the right balance of usability and security. You access the administration interface at app.telemetryos.com using the method your organization enables. This page explains the options conceptually and helps you decide which to use; it avoids step‑by‑step UI instructions.
How Sign‑in Works
Access to the administration interface is always established over HTTPS, and authentication is handled by one of several providers. Organizations can enable passwordless passkeys, or allow OAuth with Google or GitHub. Standard email‑and‑password is available, and it should be paired with multi‑factor authentication (MFA) where passkeys are not in use. Sessions are short‑lived, can be revoked centrally, and are recorded for audit.
Methods
| Method | Best for | Security notes |
|---|---|---|
| Passkeys (passwordless) | Most users on supported devices | Phishing‑resistant; uses device biometrics or secure hardware; recommended default where possible |
| Google / GitHub OAuth | Teams standardized on those providers | Inherits provider security; convenient for technical users |
| Email + Password (+ MFA) | Universal fallback | Use strong passwords and require MFA; rotate periodically |
In practice, adopt passkeys for day‑to‑day sign‑in, and leave email+password as a break‑glass option with MFA. OAuth is helpful for developer‑centric workflows.
Setting Policy
Choose one primary method and document when others are allowed. For example, enable passkeys for contractors who lack IdP accounts, and reserve email+password with MFA for emergency access. Align session timeouts and re‑authentication prompts with your risk profile, and regularly review access logs and active sessions.
Browser and Device Compatibility
The administration interface works in current versions of Chrome, Edge, Safari, and Firefox. For the best experience with passkeys and WebAuthn, use an up‑to‑date browser on a device with a secure enclave or platform authenticator. If your environment uses TLS inspection, ensure WebAuthn flows are permitted.
Recovery and Continuity
Account recovery should follow your organization’s policy. For passkeys, register at least two authenticators (for example, laptop and security key) so a lost device doesn’t block access. When using email+password, maintain MFA recovery codes in a secure location and rotate credentials after recovery.
Common Scenarios
- New tenant setup: Initial email+password and MFA, passkey enablement after identity provider connection.
- Mixed workforce: allow OAuth for specific technical teams, and require passkeys where hardware support is available.
- Elevated roles: require MFA (or passkeys) and shorter session lifetimes for administrators.
Troubleshooting
Most sign‑in issues relate to incorrect provider routing, clock drift for OTP codes, or blocked third‑party cookies during OAuth. If sign‑in fails, try an incognito window, verify your device time, and confirm you’re using the intended provider (OAuth vs. password). When contacting support, include the method attempted, the email/tenant, and any visible error text.
Updated 7 days ago