Authentication

parlance gives you several ways to sign in, so you can pick what fits how you and your organisation work. You can start with email and a password, continue with a social provider, or sign in without a password at all using a passkey. Once you are in, you can add an extra layer of security from Account → Security, and organisations on the Enterprise plan can route everyone through single sign-on.

All of these methods bring you to the same place: your dashboard, ready to create a workspace and run your first audit.

Email and password

The simplest way to get started. Open sign in, enter your email address and choose a password, and parlance creates your account.

  • Use a strong, unique password — a password manager is the easiest way to do this.
  • You can change your password later, and reset it by email if you forget it.
  • We strongly recommend adding two-factor authentication or a passkey once your account exists.

Social sign-in

Prefer not to manage another password? Continue with an account you already have. parlance supports:

  • Google
  • GitHub
  • GitLab (including self-hosted GitLab instances)
  • Apple

From sign in, choose the provider and authorise parlance. We only ever receive your name and email address from the provider — never your password. If your provider account is itself protected by two-factor authentication, that protection carries through to your parlance sign-in.

Two-factor authentication (2FA)

Two-factor authentication adds a second step to sign-in: after your password, you enter a one-time code from an authenticator app on your phone. Even if someone learns your password, they cannot sign in without that code.

parlance uses TOTP (time-based one-time passwords), which works with any standard authenticator app — for example Google Authenticator, 1Password, Authy or Microsoft Authenticator.

To enable it:

  1. Sign in, then go to Account → Security.
  2. Choose to add two-factor authentication and scan the QR code with your authenticator app.
  3. Enter the code your app generates to confirm the setup.
  4. Save your recovery codes somewhere safe — they let you back in if you lose your device.

From then on, you will be asked for a code from your authenticator app each time you sign in.
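
How the code in step 3 is derived and checked, as an added example (not parlance's own code): a minimal RFC 6238 TOTP generator and a server-side check that tolerates one time step of clock drift. The SHA-1 hash, 6 digits, 30-second period and drift window are assumed common defaults, not settings this page states, and the secret is the constructed RFC 6238 test key rather than a real one.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secret: the RFC 6238 test key, base32-encoded the way
# an authenticator app receives it from the QR code.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32: str, at: float, digits: int = 6, period: int = 30) -> str:
    """Return the TOTP code for the time step containing `at` (Unix seconds)."""
    # Authenticator secrets are often shown without base32 padding; restore it.
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    # The moving factor is the number of whole periods since the Unix epoch.
    counter = struct.pack(">Q", max(int(at), 0) // period)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte picks 4 bytes.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, submitted: str, at: float,
           drift_steps: int = 1, period: int = 30) -> bool:
    """Accept a code from the current step or `drift_steps` steps either side."""
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, at + step * period, period=period)
        # Constant-time comparison; no early exit, so timing does not reveal
        # which step (if any) matched.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    import time
    now = time.time()
    code = totp(SAMPLE_SECRET, now)
    print("current code:", code, "accepted:", verify(SAMPLE_SECRET, code, now))
    print("code from 5 minutes ago accepted:",
          verify(SAMPLE_SECRET, totp(SAMPLE_SECRET, now - 300), now))
```

A production verifier would also rate-limit attempts and refuse a code that has already been accepted in the same time step.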

Passkeys

A passkey lets you sign in without a password at all. Instead, you confirm it is you with the same thing you use to unlock your device — Face ID, Touch ID, your device PIN, or a hardware security key. Passkeys are both more convenient and more resistant to phishing than passwords, because there is no secret to type, leak or reuse.

Passkeys are built on the WebAuthn standard and are managed from Account → Security.

To add one:

  1. Sign in, then go to Account → Security.
  2. Choose to add a passkey.
  3. Follow your device or browser prompt to confirm with Face ID, Touch ID, your device PIN or a security key.

You can register more than one passkey — for instance, one on your laptop and one on your phone — and remove any you no longer use. Next time, choose the passkey option at sign in and confirm with your device.

Enterprise single sign-on (SSO)

Organisations on the Enterprise plan can sign in through their own identity provider using SAML single sign-on. With SSO, your team signs in with their existing company credentials, and access is governed centrally by your identity provider rather than by individual parlance passwords.

Unlike the methods above, SSO is configured once for a whole organisation rather than enabled per person. Your administrator connects parlance to your identity provider (such as Okta, Microsoft Entra ID, Google Workspace or another SAML provider), after which members sign in through your organisation's login.

SSO is available on the Enterprise plan — see pricing to learn more or to get in touch about enabling it for your organisation.

Choosing a method

  • Individuals and small teams. Sign in with email and a password (or a social provider), then add either two-factor authentication or a passkey from Account → Security. A passkey is the most convenient and the most phishing-resistant option.
  • Organisations. Use enterprise single sign-on on the Enterprise plan, so access is managed centrally through your identity provider.

A note on API keys

API keys are for programmatic access — scripts, CI pipelines and integrations that call parlance on your behalf — and are separate from how you sign in to the dashboard. Manage them under Account → API keys, and see the REST API reference for how to use them.