# Access and authentication ### User access Access to UbiQuity is managed through individual user accounts. We recommend: * Creating a unique account for each user * Avoiding shared logins * Removing access promptly when a user no longer requires it This ensures accountability and reduces the risk of unauthorised access. *** ### Roles and permissions UbiQuity allows you to control what users can see and do within the platform. Use roles and permissions to: * Limit access to only what each user needs * Restrict sensitive actions (such as sending campaigns or managing data) * Support internal governance and approval processes *** ### Authentication Users sign in to UbiQuity using secure authentication methods. Depending on your setup, this may include: * Single Sign-On (SSO) using your organisation’s identity provider * Standard username and password authentication with two-factor authentication {% hint style="info" %} **SSO (via OpenID Connect) is recommended for improved security and centralised access management.** {% endhint %} *** ### Two-factor authentication (2FA) For non-SSO accounts, two-factor authentication adds an extra layer of security by requiring a second verification step when signing in. When enabled, users must provide: * Something they know (their password) * Something they have (such as a code from an authenticator app) We recommend enabling 2FA for all users to reduce the risk of unauthorised access, especially for accounts with elevated permissions. *** ### Password security If using standard authentication, ensure strong password practices: * Use long, unique passwords * Avoid reusing passwords across systems * Update passwords if there is any suspicion of compromise *** ### Best practices * To maintain a secure environment: * Enable SSO if possible * For non-SSO accounts, enforce 2FA for all users * Regularly review user access and permissions * Remove inactive or unused accounts * Apply the principle of least privilege --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.ubiquity.co.nz/access-and-authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.