Accounts - registration, sign-in, and account security
Your account is your personal identity in Loopback. It is separate from organizations (tenants) and workspaces (environments). This page covers what you typically do at account scope.
Registration
When self-service registration is enabled for the deployment, a new user can create an account by providing:
- First and last name
- Password (length limits apply)
If registration is disabled, your operator provides credentials or an invite flow.
After registration, you verify your email address (deployment-specific) before you get full access.
Sign-in
Standard email + password login establishes a session. Additional mechanisms may include:
- Two-factor authentication (2FA) - TOTP or similar, if you enable it on your account.
- WebAuthn / security keys - passwordless or second factor, depending on configuration.
Failed login attempts and recovery flows should respect the rate limits your operator configures.
Account profile and settings
Typical self-service account capabilities (exact UI labels vary):
- Update name or contact details tied to the account.
- Manage password changes.
- Enable or disable 2FA and register WebAuthn devices.
- Create or revoke account API keys - long-lived tokens for automation that impersonates your user (scripts, CI), subject to the same organization permissions you already have.
Important: An API key is not a workspace agent token. Workspace agent tokens authorize machines inside infrastructure; account API keys authorize API calls as you.
Recovery
Password recovery or email reset flows exist for locked-out users. Treat recovery links as single-use and time-limited.
Multi-organization reality
One account can hold many memberships:
- You might be owner in your startup org and read-only in a partner org.
- Switching “context” in the UI is switching which organization’s projects you act on.
Permissions are always evaluated as (account, organization[, project[, workspace]]) - see Access control.
What accounts cannot do alone
Without a membership, an account cannot see any organization data.
Without organization-level permissions, an account cannot create projects or see billing.
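The evaluation described under "Multi-organization reality" and the membership rules above, as an added sketch that is not Loopback's own code. The permission names, the optional per-project limit on a membership, the key index and the sample data are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

# Assumed role-to-permission sets; only the "owner" and "read-only" roles come from the page.
ROLE_PERMISSIONS = {
    "owner": {"org.read", "project.create", "billing.read"},
    "read-only": {"org.read"},
}

@dataclass(frozen=True)
class Membership:
    role: str
    projects: frozenset = None  # None: every project in the organization (assumed model)

@dataclass
class Account:
    email: str
    memberships: dict = field(default_factory=dict)  # organization -> Membership

def is_allowed(account, organization, permission, project=None, workspace=None):
    """Evaluate (account, organization[, project[, workspace]]); deny by default."""
    if workspace is not None and project is None:
        raise ValueError("a workspace scope needs its project")
    membership = account.memberships.get(organization)
    if membership is None:
        return False  # no membership: no organization data
    if project is not None and membership.projects is not None \
            and project not in membership.projects:
        return False  # membership is limited to other projects
    return permission in ROLE_PERMISSIONS.get(membership.role, set())

def key_digest(api_key):
    # Index keys by digest so the lookup table never holds the raw key.
    return hashlib.sha256(api_key.encode()).hexdigest()

def account_for_api_key(api_key, key_index):
    """An account API key resolves to the account itself; unknown or revoked keys give None."""
    return key_index.get(key_digest(api_key))

# Constructed sample data: owner in one organization, read-only in another.
alice = Account("alice@example.test", {
    "startup": Membership("owner"),
    "partner": Membership("read-only", frozenset({"shared-api"})),
})
KEY_INDEX = {key_digest("constructed-key-123"): alice}
```

Because the key resolves to the account and then goes through the same `is_allowed` check, a script using the key can do neither more nor less than the user can in each organization.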