Email Authentication

This guide covers email-based authentication in Fiddler, including user management, security requirements, and administrative procedures.

Overview

Email authentication is Fiddler's built-in authentication method for organizations that don't use Single Sign-On (SSO) or need to provide access to users outside their SSO system. With email authentication, users log in using their email address and a password they create during the account setup process.

When to Use Email Authentication

Email authentication is ideal for:

Organizations without an identity provider
Adding specific users who don't have SSO access
Mixed environments where some users need different authentication methods
Adding service accounts

Note: Each user account can only use one authentication method—either email authentication or SSO, not both.

User Management with Authentication Console

Fiddler provides a separate UI for managing your authentication: the AuthN console.

The URL to the AuthN management console is your Fiddler instance base URL preprended with authn-. For example, if your base URL is https://acme.cloud.fiddler.ai then you can access the AuthN management console at https://authn-acme.cloud.fiddler.ai.

Prerequisites for User Management

To manage email authentication users, you need:

Administrator access: Your user account must have the "Org Owner" or "Org User Manager" role in the authentication management system
Console access: Access to the Fiddler authentication management console

Adding Users to Fiddler

Step 1: Access the Authentication Management Console

Navigate to the Fiddler AuthN authentication management console *

The URL to the AuthN management console is your Fiddler instance base URL preprended with `authn-`. For example, if your base URL is `https://acme.cloud.fiddler.ai` then you can access the AuthN management console at `https://authn-acme.cloud.fiddler.ai`. {% endhint %}

Ensure you have the necessary administrator permissions. To assign user management privilege to another user, add either the "Org Owner" or "Org User Manager" role in the Organizations tab of the AuthN console:
Select the + to open the role assignment window
Choose the appropriate privilege for another user to manage authentication

Step 2: Create User Account

The email and username fields must match exactly
Only lower-case letters should be used to avoid case-sensitivity issues

In the authentication console, navigate to Users
Click New to create a new user.
Add New User Form
Fill in the required contact details:
- Email address: This will be the user's login identifier and must be unique
- User Name: This field must contain the email address exactly
- First name and Last name
- Email Verified: Choose whether to mark the email as "verified" automatically
- Set Initial Password: Choose whether to set the password yourself or allow the new user to set their own

It is recommended to leave both the Email Verified and the Set Initial Password checkboxes unchecked. Doing so results in the user receiving an email with a link to Fiddler to confirm their invitation and choose their password.

Checking Email Verified means the user does not need to validate that they own the email address assigned
If both checkboxes are checked, the user will receive no email, and the AuthN admin must communicate the sign-in credentials

Step 3: Configure Authentication Setup

Choose one of the following authentication setup options:

Option A: Set up Authentication Later

Select "Setup authentication later for this user"
Use this option if you want to prepare the account before the user needs access
The user will not be able to log in until they set up an authentication method
Useful for preparing accounts for future employees

Option B: Send Invitation Email (Recommended)

Select "Send an invitation E-Mail for authentication setup and E-Mail verification"
The user will receive an email with instructions to set up their authentication
The user can choose their preferred authentication method (password, passkey, or external SSO)
This provides the most flexibility for users

Option C: Set Initial Password

Select "Set an initial password for the user"
Enter a temporary password for the user
The user will receive an email notification about their account
The user should change this password on first login

Step 4: Complete User Creation

Click Create to save the user account
The system will process the user creation based on your selected authentication option
If you chose email invitation, the user will automatically receive setup instructions

Managing User Invitations

Invitation and Setup Process:

Email Verification and Initial Setup:

By default, users receive an initialization email with a verification code
Users must verify this code on their first login
If you marked the email as "verified" during creation, this step may be skipped

Authentication Method Selection:

Users can choose from available authentication methods based on your organization's configuration:
- Password: Traditional username/password authentication
- Passkey: Modern passwordless authentication using biometrics or security keys
- External SSO: If configured, users can authenticate through external identity providers

Invitation Properties:

Email invitations do not expire automatically
Users can complete their setup at any time after receiving the invitation
Account setup must be completed before users can access Fiddler

Resending Invitations: If you need to resend setup instructions to a user:

Go to the Users section in the authentication console
Find the specific user account
Use the available options to resend invitation or setup emails
Users who haven't completed setup will receive fresh instructions

User Account Lifecycle

Account Activation: When users receive their setup email, they:

Click the setup link in the email
Verify their email address (if required)
Choose and configure their preferred authentication method:
- Password: Create a password meeting security requirements
- Passkey: Set up biometric or security key authentication
- External SSO: Link to configured external identity providers (if available)
Complete their profile information if prompted
Confirm their account to gain access to Fiddler

Account Management:

User deactivation: Temporarily disable user access
User deletion: Permanently remove user accounts
Password reset: Users can reset forgotten passwords through the login interface

Password Management

Forgotten Passwords: Users can reset forgotten passwords by:

Clicking Forgot Password on the login page
Entering their email address
Following the instructions in the password reset email
Creating a new password that meets security requirements

User Role Considerations

AuthN Administrative Roles: Ensure at least one user has the "Org Owner" or "Org User Manager" role to continue managing email authentication users.

Fiddler Roles: After email authentication users log in, Org Admins can assign appropriate Fiddler application roles (Org Admin, Org Member, etc.) for access control.

Troubleshooting

Common Issues

Users Cannot Access Console:

Verify the user has "Org Owner" or "Org User Manager" role
Check authentication console network accessibility
Confirm user account status

Invitation Links Not Working:

Verify the invitation hasn't been revoked
Check for email delivery issues
Regenerate invitation links if necessary

Login Problems:

Verify password meets all requirements
Check for account lockouts due to failed attempts
Confirm user account is active and not suspended

❓ Questions? Talk to a product expert or request a demo.

💡 Need help? Contact us at [email protected].

PreviousSSO Authentication Guide NextOkta OIDC SSO Integration