Skip to content

Sign Up & Sign In

Vygl supports email/password sign-in plus four SSO providers. On first SSO sign-in (when self-service signup is enabled), a new organization is created automatically; if an account with the same email already exists, the SSO login links to it. GitHub additionally requires the email to be a verified primary; the other providers trust whatever the IdP returns.

The default sign-in method. Visit /login, enter your email and password, and you’re in. The login endpoint enforces a rate limit (10 attempts per IP per 15 minutes) to deter brute force; the password-reset endpoint applies a tighter 5-attempt window to discourage probing.

If you’ve forgotten your password, click Forgot Password — Vygl emails a reset token valid for 15 minutes. The reset endpoint returns 200 regardless of whether the email exists, so it’s safe against account-enumeration probes.

After sign-in, Vygl issues a JWT access token (30 minutes) backed by a refresh token (7 days). The browser refreshes transparently in the background; there’s no manual token handling for end users. Tokens are stateless JWTs — sign-out happens client-side by discarding them.

Every user belongs to one or more organizations. The first time you sign in, an org is created for you; if you accept an invite from an existing org, you join that org instead. Switch between orgs with the dropdown in the top nav — no re-authentication needed.

For more on organization structure, see Members & Roles.

Self-service signup is disabled in production — accounts are created via invitation. To get an account, ask an existing org owner or admin to invite you. The invite is one-time, expires in seven days, and includes the role you’ll have when you join.

Self-hosted Vygl instances can enable self-service signup via the SSO_ALLOW_REGISTRATION setting at deployment time.