Dashboard authentication described here applies to Novu Cloud. Self-hosted deployments use email and password only. See Self-Hosted and Novu Cloud for a full comparison.
Novu Cloud handles sign-in, session management, and account security for the dashboard. After you authenticate, you can access every organization you belong to and switch between them without signing in again.

Sign-in methods

Novu Cloud supports the following ways to create an account and sign in:

Email and password

Create an account with your email address and a password. Novu sends a verification email before your account is fully activated. Use this method if you prefer a traditional credential-based sign-in or if your organization does not use SSO.

Google and GitHub

Sign up or sign in with your existing Google or GitHub account. Social sign-in links your Novu account to the provider you choose, so you do not need a separate password.

Enterprise SSO (OIDC and SAML)

Enterprise customers can connect a corporate identity provider using OpenID Connect (OIDC) or SAML 2.0. This lets your team sign in with credentials managed by your organization—common providers include Okta, Microsoft Entra ID, and Google Workspace. For setup details, see SAML SSO & SCIM.

Multi-factor authentication (MFA)

Add a second verification step to protect your account. Novu supports:
  • Authenticator app (TOTP) — Use an app such as Google Authenticator or 1Password to generate time-based codes.
  • SMS verification code — Receive a one-time code by text message where enabled.
Users can enable MFA from their account security settings. Enterprise customers can require MFA for all organization members—contact [email protected] to configure organization-wide MFA policies.

Session management

Novu manages authenticated sessions with industry-standard security practices:
  • Active sessions — View devices and browsers where you are currently signed in.
  • Session revocation — Sign out of a specific device or end all active sessions from your account settings.
  • Automatic expiration — Sessions expire after a period of inactivity to reduce the risk of unauthorized access.

Authorization after sign-in

Authentication confirms who you are. Authorization controls what you can do inside each organization:

Best practices

  • If your company uses a corporate identity provider, enable OIDC or SAML SSO so access is governed by your existing IT policies, including password rotation and account deactivation.
  • Require MFA for users with Owner or Admin roles. Owners control billing, API keys, and team membership. Admins can manage workflows, integrations, and API keys.
  • Add a verified domain so colleagues with your company email can join your organization through a controlled process instead of ad-hoc sign-ups.
  • When someone leaves your team, remove them from the organization or rely on SCIM deprovisioning so their dashboard access is revoked immediately.
  • Select your preferred data region when creating your account. Region selection affects where your notification data is stored.

Organizations

How organizations work, creating orgs, and switching between them.

Roles and permissions

Role-based access control for dashboard actions.

Team members

Invite, manage, and remove organization members.

Security and compliance

SOC 2, ISO 27001, GDPR, HIPAA, and data residency.