website/src/app/kb/authenticate/email/readme.mdx
import PlanBadge from "@/components/PlanBadge"; import Alert from "@/components/DocsAlert"; import SupportOptions from "@/components/SupportOptions";
<PlanBadge plans={["starter", "team", "enterprise"]}>
Firezone supports email authentication using a one-time password (OTP).
This provider is enabled by default for all plans and is designed to get you up and running with Firezone quickly. For production deployments, we recommend setting up Universal OIDC, Google, Entra, or Okta authentication for a more seamless user experience and improved security.
Firezone's OTP-based email authentication provider sends a one-time password to the user's email each time authentication is requested. This password is short-lived and can only be used to authenticate once.
<Alert color="warning"> Users and groups must be managed manually with the Email / OTP provider. See the [Google](/kb/directory-sync/google), [Entra](/kb/directory-sync/entra), or [Okta](/kb/directory-sync/okta) guides for setting up automated user and group management with those providers. </Alert>The email authentication provider can be disabled completely for your account, forcing all users and admins to authenticate with another provider. This can increase security by reducing the number of potential entrypoints into your Firezone account.
To do so, navigate to Settings -> Identity providers, select the Email
provider in the list, and then click Disable in the upper-right.