Skip to main content

Auth And Account Access

Moltern account access covers signing in to the product and connecting source providers for deployments.

Sign In Options

The sign-in page can show:

  • Email and password.
  • Continue with Google.
  • Continue with GitHub.

The options shown depend on the workspace and product configuration.

Moltern sign-in page

Create An Account

The registration page asks for:

  • Name.
  • Email.
  • Password.
  • Password confirmation.

Passwords must be at least 8 characters.

OAuth Sign-In

OAuth sign-in lets users authenticate with an external provider.

If OAuth fails:

  • Confirm popups and redirects are allowed.
  • Try the same provider again.
  • Check whether the provider account uses the expected email address.
  • Clear Moltern cookies if the browser keeps returning to login.

GitHub Login Versus GitHub Repository Access

GitHub login and GitHub repository access are separate.

AreaPurpose
GitHub loginAuthenticates your Moltern user account.
Moltern GitHub App installationGrants Moltern access to selected repositories for deployments.

Installing the Moltern GitHub App does not change your Moltern login identity.

Connect GitHub For Deployments

From Applications -> New App:

  1. Click the GitHub connection prompt.
  2. Allow the popup.
  3. Choose the GitHub account or organization.
  4. Select only the repositories Moltern should deploy.
  5. Return to Moltern.
  6. Refresh the repository list if needed.

Repository Access Troubleshooting

If a repository is missing:

  • Confirm it was selected in the GitHub App installation.
  • Confirm organization approval is complete.
  • Confirm you are in the correct Moltern workspace.
  • Click refresh in the repository picker.
  • Reopen the GitHub installation and adjust repository access.

Access Hygiene

  • Remove repository access when a workspace no longer deploys that repo.
  • Avoid granting all repositories if selected access is enough.
  • Use separate production and development environments.
  • Keep user accounts tied to real people, not shared logins.
  • Rotate credentials and webhook secrets when owners leave.