FAQ

This page covers a range of frequently asked questions about Sourcebot’s built-in authentication system.

Can I disable the authentication system?

No, at this time it’s not possible to disable the authentication system. If this is preventing you from deploying Sourcebot within your organization please reach out

I don't want to restrict access to my Sourcebot deployment, what should I do?

Every user must register an account within your Sourcebot deployment. However, this dosn’t mean their access is restricted.Unless member approval is required, anyone can sign up for an account on your deployment and immediately be granted access.

Does any data related to authentication (emails, passwords, etc) leave my deployment?

I'm deploying Sourcebot behind an identity proxy, do I still need to create an account in Sourcebot?

Please note that IAP bridges are an enterprise feature

Sourcebot supports connecting your identity proxy directly into the built-in auth system using an IAP bridge. This allows Sourcebot to register and authenticate automatically on a successful identity proxy log in.Sourcebot currently supports GCP IAP. If you’re using a different IAP and require support, please reach out

How does Sourcebot implement authentication?

Sourcebot uses Auth.js as its underlying authentication framework. Auth.js provides authentication providers (credientials, Google, GitHub, etc) and an interface to enable user registration and log in. Internally, Auth.js uses JWT to provide Sourcebot secure and reliable information about user authentication.

Have a question that’s not answered here? Submit an issue on GitHub and we’ll get back to you as soon as we can.

Getting Started

Features

Configuration

Upgrade