Workspaces and access

Security and access overview

Use Settings to manage your profile, enable TOTP and passkeys, revoke unknown sessions, and confirm your role in each workspace you belong to.

4 min read · admin · coordinator

Step by step

  1. Open Settings

    Open Settings from the main navigation. The left rail shows Profile, Security, Sessions, and Workspaces.

  2. Update your profile

    In Profile, confirm your display name and email are correct - these show up on every project, message, and audit log entry you produce.

  3. Enable TOTP

    In Security, click 'Enable TOTP' and scan the QR code with an authenticator app. Save the recovery codes somewhere safe (a password manager works well).

  4. Add a passkey

    Still in Security, click 'Add passkey' to register a hardware-backed credential on this device. Repeat on every device you commonly use.

  5. Review sessions and memberships

    In Sessions, scan the list and revoke any session you don't recognise. In Workspaces, verify the role you have in each workspace matches what you expect.

Guide details

What you'll find in Settings

Account-level security is managed from Settings. Workspace-level access policy is managed from Configuration. The two areas are intentionally separate so personal credentials and shared operational defaults don't get tangled.

  • Profile - display name, email, avatar.
  • Security - password, passkeys, TOTP, MFA status.
  • Sessions - every active session with device/browser hints and a revoke button.
  • Workspaces - list of memberships with role and a switcher.

Workspace roles at a glance

Roles control what you can do inside a workspace.

  • WORKSPACE_ADMIN - full configuration, members, overrides, billing.
  • ANCHOR - create and run projects, manage stakeholders, send invitations.
  • STAFF - operate on projects they are added to; no workspace configuration.

FAQ

What authentication options are available?

Email + password, email magic link, and passkeys (WebAuthn) are supported for primary sign-in. TOTP from any authenticator app (1Password, Authy, Google Authenticator, etc.) is supported as a second factor.

What is the difference between Settings and Configuration?

Settings is for your personal account - profile, password, passkeys, TOTP, sessions, and the list of workspaces you belong to. Configuration is the workspace admin area for shared defaults.

What happens if a workspace requires MFA?

If your workspace's 'MFA required roles' list includes your role and you haven't enabled TOTP, the app redirects you to Settings → Security to set up TOTP before any protected page loads.
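
The redirect rule described above, sketched as a server-side gate (an added example, not the product's own code). The route names, the `Workspace` and `User` models and the `next` parameter are assumptions; only the role names and the TOTP condition come from this page.

```python
from dataclasses import dataclass, field
from urllib.parse import quote

ROLES = {"WORKSPACE_ADMIN", "ANCHOR", "STAFF"}   # role names from the page
SETUP_PATH = "/settings/security"                # hypothetical route
EXEMPT = (SETUP_PATH, "/logout", "/static")      # hypothetical; must stay reachable

@dataclass
class Workspace:
    name: str
    mfa_required_roles: set = field(default_factory=set)

@dataclass
class User:
    email: str
    totp_enabled: bool = False
    passkeys: int = 0
    roles: dict = field(default_factory=dict)    # workspace name -> role

def is_exempt(path):
    # Match whole path segments so "/settings/security-x" is not exempt.
    return any(path == p or path.startswith(p + "/") for p in EXEMPT)

def gate(user, ws, path):
    """Decide before a page loads: ("allow" | "redirect" | "deny", target)."""
    if is_exempt(path):
        return ("allow", None)
    role = user.roles.get(ws.name)
    if role not in ROLES:
        return ("deny", None)                    # non-member or unknown role: fail closed
    if role in ws.mfa_required_roles and not user.totp_enabled:
        # The page conditions the redirect on TOTP, so a passkey alone
        # does not satisfy the policy in this model.
        nxt = path if path.startswith("/") and not path.startswith("//") else "/"
        return ("redirect", SETUP_PATH + "?next=" + quote(nxt, safe=""))
    return ("allow", None)

def pending_enrollment(users, ws):
    """Members who would be redirected if the policy were enforced now."""
    return sorted(u.email for u in users
                  if u.roles.get(ws.name) in ws.mfa_required_roles and not u.totp_enabled)

# Constructed sample data.
WS = Workspace("ops", {"WORKSPACE_ADMIN", "ANCHOR"})
USERS = [
    User("admin@example.test", totp_enabled=True, roles={"ops": "WORKSPACE_ADMIN"}),
    User("anchor@example.test", passkeys=1, roles={"ops": "ANCHOR"}),
    User("staff@example.test", roles={"ops": "STAFF"}),
]
```

Running `pending_enrollment` over the member list before adding a role to 'MFA required roles' shows who will hit the redirect on their next page load.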

What can each role do?

There are three workspace roles. WORKSPACE_ADMIN can manage members, configuration, and overrides. ANCHOR can run projects and manage stakeholders. STAFF has operational access to projects but not workspace settings.

Can I see and revoke active sessions?

From Settings → Sessions you can see and revoke any active session (other browsers, other devices). Use this if you think a session may have been compromised or if you signed in somewhere you no longer control.