Authentication

Solatis provides multiple secure authentication methods to keep your account safe and make login easy.

Authentication Methods

Email & Password

The classic login method with email and password.

Advantages:

  • Simple and familiar
  • No third-party dependencies
  • Full control over your credentials

Setup:

1. Visit login page
2. Enter email and password
3. Click "Sign In"

Security:

  • Passwords hashed with bcrypt
  • Rate limiting to prevent brute force
  • Account lockout after failed attempts

Sign In with a Provider

Log in with your existing Google, Microsoft, GitHub, or Slack account.

Supported Providers:

  • Google Sign-In
  • Microsoft 365
  • GitHub
  • Slack

Advantages:

  • No password to remember
  • Automatic account sync
  • Two-factor authentication inherited from provider
  • One-click login

Setup:

1. Visit login page
2. Click "Sign in with [Provider]"
3. Authenticate with your provider
4. Grant Solatis permission
5. You're logged in!

SAML 2.0 (Enterprise)

For enterprise organizations with Okta, Azure AD, or other identity providers.

When to Use:

  • 50+ employees
  • Existing identity provider (Okta, Azure AD)
  • Need single sign-on (SSO)
  • Need automatic user provisioning

Setup:

  1. Contact support@solatis.team
  2. Provide SAML metadata from your identity provider
  3. We configure SAML integration
  4. Users log in with company credentials

Benefits:

  • Single sign-on across all apps
  • Automatic user provisioning
  • Automatic deprovisioning when users leave
  • Centralized access control

Session Management

Session Duration

  • Web app: 30 days of inactivity (auto-logout)
  • Mobile app: 7 days of inactivity
  • API tokens: 1 year (can be revoked anytime)

Active Sessions

View and manage all your active sessions:

Settings → Security → Active Sessions

See details:

  • Device and browser
  • Location and IP address
  • Last activity
  • Option to sign out

Sign Out

Sign out of your account:

Settings → Sign Out

This signs you out of the current device. Other sessions remain active.

Sign out everywhere:

Settings → Security → Sign Out Everywhere

This signs you out of all devices immediately.

Password Security

Strong Passwords

Requirements:

  • Minimum 12 characters
  • Mix of uppercase and lowercase
  • Include numbers
  • Include special characters (!@#$%^&*)

Password Reset

If you forget your password:

1. Click "Forgot Password" on login page
2. Enter your email
3. Check email for reset link (5-minute expiry)
4. Click link and create new password
5. Sign in with new password
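
How a reset link with a 5-minute expiry can be enforced on the server, as an added example (not Solatis code). `ResetTokenStore` and its in-memory dictionary are hypothetical stand-ins for a database table; only the 5-minute lifetime comes from this page.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 5 * 60  # the 5-minute expiry stated in step 3


class ResetTokenStore:
    """Hypothetical in-memory stand-in for a password-reset table."""

    def __init__(self):
        self._rows = {}  # email -> (sha256 of token, expiry timestamp)

    def issue(self, email, now=None):
        """Create a reset token; only its hash is stored, the token goes in the link."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).digest()
        # Issuing a new link overwrites (and so invalidates) any older one.
        self._rows[email] = (digest, now + RESET_TTL_SECONDS)
        return token

    def redeem(self, email, token, now=None):
        """Return True once for a valid, unexpired token; False otherwise."""
        now = time.time() if now is None else now
        row = self._rows.get(email)
        if row is None:
            return False
        digest, expires_at = row
        candidate = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(digest, candidate):  # constant-time compare
            return False
        # Single use: the row is deleted whether or not the token has expired.
        del self._rows[email]
        return now <= expires_at


if __name__ == "__main__":
    store = ResetTokenStore()
    link_token = store.issue("user@example.com", now=0)          # constructed input
    print(store.redeem("user@example.com", link_token, now=301))  # expired
```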

Password Manager

We recommend using a password manager:

  • 1Password - Best overall
  • Bitwarden - Open source
  • LastPass - Popular choice
  • Dashlane - User-friendly

Multi-Factor Authentication (2FA)

Add an extra layer of security with 2FA.

Setup 2FA

1. Settings → Security → Two-Factor Authentication
2. Click "Enable 2FA"
3. Scan QR code with authenticator app
4. Enter verification code
5. Save backup codes in secure location

Authenticator Apps

Recommended apps:

  • Google Authenticator (free)
  • Microsoft Authenticator (free)
  • Authy (free, syncs devices)
  • 1Password (paid)

Backup Codes

When you enable 2FA, you get 10 backup codes:

aBcDeFgH1234
aBcDeFgH5678
[... 8 more codes]

Store safely:

  • ✅ Password manager
  • ✅ Secure cloud storage
  • ❌ Plain text files
  • ❌ Sticky notes

Use case: If you lose access to your authenticator app, use a backup code to regain access.
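
How a batch of backup codes like the ones above can be issued and consumed, as an added example (not Solatis code). The 10-code count and the 12-character letters-and-digits shape come from this page; the function names and the choice of SHA-256 for storage are assumptions.

```python
import hashlib
import hmac
import secrets
import string

CODE_COUNT = 10     # "you get 10 backup codes"
CODE_LENGTH = 12    # matches the sample shape shown on this page
ALPHABET = string.ascii_letters + string.digits  # 62 symbols, about 71 bits per code


def generate_backup_codes():
    """Return (codes shown once to the user, set of hashes kept by the server)."""
    codes = set()
    while len(codes) < CODE_COUNT:  # a set guarantees 10 distinct codes
        codes.add("".join(secrets.choice(ALPHABET) for _ in range(CODE_LENGTH)))
    # Codes are high-entropy random strings, so a plain hash is enough at rest
    # (assumption: a leaked table must not reveal usable codes).
    hashes = {hashlib.sha256(c.encode()).hexdigest() for c in codes}
    return sorted(codes), hashes


def redeem_backup_code(stored_hashes, submitted):
    """Consume one backup code: True the first time, False on reuse or mismatch."""
    candidate = hashlib.sha256(submitted.strip().encode()).hexdigest()
    match = None
    for stored in stored_hashes:
        if hmac.compare_digest(stored, candidate):  # constant-time compare
            match = stored
    if match is None:
        return False
    stored_hashes.remove(match)  # each code works exactly once
    return True


if __name__ == "__main__":
    codes, hashes = generate_backup_codes()
    print(redeem_backup_code(hashes, codes[0]), len(hashes), "codes left")
    print(redeem_backup_code(hashes, codes[0]))  # reuse is refused
```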

Disable 2FA

1. Settings → Security → Two-Factor Authentication
2. Click "Disable 2FA"
3. Enter current password or 2FA code
4. Confirm

API Authentication

API Keys

For programmatic access to Solatis:

Generate API Key:

Settings → API Keys → Generate New Key

Use in API calls:

```bash
curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://api.solatis.team/v1/documents
```

Security:

  • Treat like passwords
  • Regenerate periodically
  • Revoke unused keys
  • Use one key per application

OAuth for Apps

If you're building an app that needs to access Solatis on behalf of users:

OAuth Flow:

1. User clicks "Connect to Solatis"
2. Redirected to Solatis login
3. User grants permission
4. Your app receives access token
5. Use token to access Solatis API

See OAuth Integration Guide for details.

Security Best Practices

Do:

  • Use strong, unique passwords
  • Enable 2FA on your account
  • Use a password manager
  • Check active sessions regularly
  • Update password every 60 days
  • Sign out from public computers
  • Review login activity

Don't:

  • Share your password
  • Use the same password on multiple sites
  • Store your password in plain text
  • Leave sessions active on public computers
  • Use SMS for 2FA (less secure than authenticator apps)
  • Click suspicious login links

Troubleshooting

Can't Log In

Issue: "Invalid email or password"

Solutions:

  • Check email spelling
  • Try password reset
  • Clear browser cache
  • Try different browser

Lost Access to 2FA

Solution:

  1. Use backup code to log in
  2. Go to Settings → Security
  3. Disable current 2FA
  4. Set up new 2FA with new authenticator
  5. Save new backup codes

Suspicious Activity

If you notice:

  • Unexpected login from unknown location
  • Session from device you don't recognize
  • Password changed without your action

Actions:

  1. Change your password immediately
  2. Enable 2FA if not already enabled
  3. Review active sessions and revoke unknown ones
  4. Email security@solatis.team with details

Released under the MIT License.