QuackbackQuackback Docs
Portal

Portal Authentication

Configure how users sign in to your feedback portal.

Portal Authentication

Control how users sign in to submit feedback, vote, and comment on your portal.

Authentication Methods

Users can sign in with:

Users enter their email and receive a one-time code. No password needed.

  • ✓ Works for everyone
  • ✓ No password to forget
  • ✓ Verified email addresses

Google

Sign in with Google account.

  • ✓ One-click for Google users
  • ✓ Trusted authentication
  • ✓ Gets user's name and avatar

GitHub

Sign in with GitHub account.

  • ✓ Great for developer products
  • ✓ Gets username and avatar
  • ✓ Technical audience loves it

Configuring Auth Methods

  1. Go to SettingsPortal
  2. Under Authentication, toggle methods on/off
  3. Changes apply immediately
AudienceRecommended Methods
General usersEmail + Google
DevelopersEmail + GitHub + Google
EnterpriseEmail + SSO

Open Signup vs Invite-Only

Open Signup (Default)

Anyone can create an account and participate.

Best for: Public products, community feedback.

Invite-Only

Users can only access if invited.

Best for: Beta programs, private feedback, enterprise.

To enable invite-only:

  1. Go to SettingsPortal
  2. Toggle off Open Signup
  3. Invite users manually

SSO (Enterprise)

For enterprise customers, configure SSO:

SAML

Connect to Okta, Azure AD, OneLogin, etc.

OIDC

Connect to any OpenID Connect provider.

See SSO Setup for configuration.

User Experience

Sign-in Flow

  1. User clicks "Sign In" or takes an action requiring auth
  2. Sign-in modal appears with available methods
  3. User authenticates
  4. User is returned to where they were

First-Time Users

On first sign-in, users:

  1. Authenticate with chosen method
  2. Confirm their name (pre-filled from OAuth if available)
  3. Are ready to participate

Returning Users

Returning users are recognized and signed in quickly.

Session Duration

Portal sessions last 7 days. Users stay signed in unless they:

  • Sign out manually
  • Clear browser data
  • Go 7 days without visiting

Security Considerations

Email Verification

All authentication methods verify the user's email address.

No Passwords

Magic link authentication means no passwords to breach.

OAuth Security

Google and GitHub handle authentication securely.

Next: Custom domains

Portal Features

Control what users can do on your feedback portal.

Custom Domain

Use your own domain for a branded feedback portal.

On this page

Portal AuthenticationAuthentication MethodsEmail (Magic Link)GoogleGitHubConfiguring Auth MethodsRecommended SetupOpen Signup vs Invite-OnlyOpen Signup (Default)Invite-OnlySSO (Enterprise)SAMLOIDCUser ExperienceSign-in FlowFirst-Time UsersReturning UsersSession DurationSecurity ConsiderationsEmail VerificationNo PasswordsOAuth Security