Zone Authentication
Configuring and using Zone Authentication
Keycard provides zone user authentication by default. If you want to use your own identity provider (Okta, Auth0, Google, etc.) for zone-level user authentication, see Identity Providers.
Configuring and using Zone Authentication
Section titled “Configuring and using Zone Authentication”-
Configure Zone Authentication
- In Keycard Console, go to Zones, open the ⋯ menu on your zone’s card, and select Settings.
- On the Settings tab, find Zone sign in configuration and open the Identity Provider dropdown. Keep the default to use Keycard’s built-in authentication, or select your own identity provider.
- Click Save Changes.
-
Use a Zone Protected Application or MCP Server / Create a Zone User Account
For ease of use, zone user sign up is done in-band; when a user attempts to connect to a zone provided application or MCP server, they will be prompted to login or sign up. After sign up or login if a user has not yet verified their email, they will be prompted to do so.
Troubleshooting
Section titled “Troubleshooting”Account creation fails
- Ensure they do not have an account, look for their email in People in Keycard Console, if they have an account, instruct them to click Forgot Password? from the sign in page to reset their password.
Login fails
- Ensure they have an account, look for their email in People in Keycard Console. If they have an account, instruct them to click Forgot Password? from the sign in page to reset their password.
I verified my email, but I still am not authenticated?
- If you clicked the email verification link rather than entering the code to continue the flow, you will need to reconnect to your application or MCP server and login to the zone to proceed.