Skip to content

Account Setup

This guide walks you through logging in to Durantic and configuring your account settings.

Logging In

Durantic supports three authentication methods:

  • Passkey (WebAuthn) — Sign in using a hardware security key, fingerprint sensor, or platform authenticator built into your device. This is the most secure option and does not require a password.

  • OAuth Provider — Sign in with Google. This links your Google account to your Durantic account.

  • Magic Link — Enter your email address and receive a one-time sign-in link. No password needed — just check your inbox and click the link.

You can use any of these methods interchangeably once your account is set up. All three lead to the same account as long as the email address matches.

Account Settings Overview

Account settings are accessible from the sidebar. The settings are organized into three groups:

Organization - Organization — General organization settings - Members — Team member management

Account - Email — Email address configuration - Connected Accounts — Linked OAuth providers

Security - 2FA — Two-factor authentication - Sessions — Active session management - API Tokens — Long-lived tokens for programmatic access

Account Settings

Organization Settings

The Organization page contains settings that apply to your entire workspace:

  • Default Image — The OCI image used when provisioning a machine whose Machine Role does not specify an image. Select from your Images catalog. Leave unset to require every role to specify its own image explicitly.

Members

The Members page lets you invite and manage team members in your organization:

Members page

  • Invite new members by email address.
  • View all current members and their roles.
  • Remove members who no longer need access.

All members within an organization share access to the same machines, roles, mesh networks, and secrets.

Email and Connected Accounts

Email — View and manage the email address associated with your account. This is the address used for magic link sign-in and notifications.

Connected Accounts — Link or unlink your Google account to your Durantic account. Connecting Google gives you an additional sign-in method without needing a magic link or passkey.

Security

Two-Factor Authentication (2FA)

Add a second layer of protection to your account. Durantic supports two types of 2FA:

2FA settings page

  • TOTP (Time-Based One-Time Password) — Use an authenticator app such as Google Authenticator, Authy, or 1Password to generate six-digit codes.

  • Passkey — Register a WebAuthn-compatible device (hardware key, fingerprint sensor, or platform authenticator) as a second factor.

You can enable both methods simultaneously for maximum flexibility.

Sessions

The Sessions page shows all active sessions for your account, including:

  • Device and browser information
  • IP address
  • Last activity timestamp

You can revoke any session to immediately sign out that device. This is useful if you suspect unauthorized access or want to clean up old sessions.

API Tokens

The API Tokens page lets you create and manage long-lived tokens for programmatic access to the Durantic API — for example, for use with the Terraform provider.

API Tokens page

Creating a token: 1. Click Create Token. 2. Enter a descriptive name (e.g. terraform-prod). 3. Choose an expiry from the dropdown: a preset (7, 30, 60, 90, or 180 days), a Custom date, or No expiration. The default is 30 days. 4. Click Create. The plaintext token is shown once — copy it immediately and store it securely.

The token value begins with dur_ followed by a random string. Only the first 8 characters are stored for display; the full value is never stored.

Revoking a token: Open the row menu for a token and select Revoke. The token stops working immediately, cannot be re-activated, and is automatically removed from the list. Create a new token if access is needed again.