Docs
Security

Authentication & SSO

FormsIntel uses state-of-the-art authentication mechanisms to protect your account and data. We provide both standard email/password flows and a premium Google SSO Sandbox.

Standard Authentication

Registration & Login

Create an account using your email address and a secure password. Passwords are cryptographically hashed using bcrypt with a high work factor before being stored in our database. We never store plain-text passwords.

Password Reset

If you forget your password, you can initiate a reset flow. A time-limited, cryptographically secure token is generated and emailed to you, ensuring only the account owner can authorize the password change.

Premium Google SSO Sandbox

To help developers test and demo enterprise-grade security flows to their clients, FormsIntel includes a fully functional Google SSO Simulator in the authentication panel.

The Sandbox Flow

  1. Navigate to the `/waitlist` page, enter an access code, then proceed to sign in and click the Continue with Google button.
  2. A polished mock Google OAuth consent screen appears, allowing you to select a simulated Google account profile.
  3. Upon selection, the system seamlessly authenticates you and provisions a session without requiring a real Google Workspace backend.

2-Step Verification (2FA) Simulator

When using the Google SSO Sandbox, you can trigger a high-security 2FA flow.

After selecting an account in the SSO simulator, you'll be prompted with a beautifully designed 6-digit Authenticator screen. This UI perfectly mirrors what enterprise users expect when utilizing Google Authenticator or Authy.

  • Features auto-advancing input fields.
  • Supports pasting a full 6-digit code which automatically populates the grid.
  • Includes loading spinners and simulated backend validation delays for a realistic client demo.

Session Security

Under the hood, FormsIntel uses industry best practices to manage your active sessions.

JWT (JSON Web Tokens)Authentication state is managed via stateless JWTs, signed securely with an environment-level secret key.
httpOnly CookiesTokens are stored in httpOnly, secure cookies. This prevents malicious JavaScript (XSS attacks) from reading your session token.
CORS PoliciesStrict Cross-Origin Resource Sharing (CORS) rules ensure that only the FormsIntel frontend can initiate sensitive account mutations.