Skip to main content

Access Control & Authentication

Learn how Glossa manages user authentication and access controls to keep your organization secure.

Written by Ali
Updated over a month ago

Overview

Glossa implements a straightforward access control system based on two user roles (Owner and Member) and organization-level permissions. Authentication uses industry-standard methods including password-based login and social login via trusted providers.

Authentication Methods

Password-Based Login

Standard login process:

  1. Navigate to glossapro.ai

  2. Click Sign In

  3. Enter your email address

  4. Enter your password

  5. Click Sign In

Password requirements:

  • Minimum length enforced

  • Must meet complexity requirements

  • Unique to Glossa (don't reuse passwords)

Best practices:

  • Use a strong, unique password

  • Use a password manager to generate and store passwords

  • Don't share your password with anyone

  • Change your password if you suspect it's been compromised

Social Login

Glossa supports social login via WorkOS, allowing you to sign in with existing accounts:

Supported providers:

  • Google

  • Microsoft

  • Github

How to use social login:

  1. Navigate to glossapro.ai

  2. Click Log In

  3. Choose your social login provider (e.g., "Continue with Google")

  4. Authorize Glossa to access your account

  5. You're signed in automatically

Benefits:

  • No separate password to remember

  • Faster login process

  • Leverages existing account security

  • Use same account across multiple services

What Glossa accesses:

  • Your email address (for account identification)

  • Your name (for display in the application)

  • No access to email content, files, or other data

Customer-by-Customer Authentication Features

Single Sign-On (SSO):

  • Enterprise SSO can be made available for select customers

  • Can integrate with your organization's identity provider (Okta, Azure AD, etc.)

  • Contact [email protected] to discuss SSO for your org

Multi-Factor Authentication (MFA):

  • MFA can be made available for select customers

  • Can enable additional authentication factors

  • Contact [email protected] to discuss MFA for your org

Role-Based Access Control (RBAC)

Two User Roles

Glossa has a simple two-role system:

Owner:

  • Full administrative access

  • Can manage billing and payment

  • Can enable and configure integrations

  • Can invite and remove members

  • Can change user roles

  • All project work permissions

Member:

  • All project work permissions

  • Can invite new members

  • Cannot access billing

  • Cannot enable integrations

  • Cannot change roles or remove members

See the User Roles article for detailed permission comparison.

Organization-Level Permissions

Key principle: All permissions apply at the organization level, not per-project.

What this means:

  • Every member can access every project

  • Every member can edit every project

  • Cannot restrict access to specific projects

  • No per-project permission settings

Implications:

  • Only invite people you trust with full access

  • All team members see all client work

  • Requires careful member management

  • Consider multiple organizations for strict separation

See the Organization-Level Access article for details.

Account Management

Creating an Account

On first invitation:

  1. Receive invitation email from Glossa

  2. Click the invitation link

  3. Create your account (set password or use social login)

  4. Access your organization immediately

Self-signup:

  • Not available - must be invited by existing member

  • Prevents unauthorized access

  • Ensures controlled team composition

Password Reset

If you forgot your password:

  1. Go to the Glossa login page

  2. Click Forgot Password

  3. Enter your email address

  4. Check your email for reset link

  5. Click the link and set a new password

Reset link:

  • Valid for 24 hours

  • Single use only

  • Request new link if expired

Alternatively, use Email sign-in code so you don't have to reset your password

Account Security Settings

Current security settings:

  • Password management

  • Social login connections

  • No session management (logout is automatic)

Session Management

Login Sessions

How sessions work:

  • Login creates an authenticated session

  • Session maintained while browser is open

  • Session expires after period of inactivity

  • Can be logged out manually

Logging Out

To log out:

  1. Click your name in the bottom left corner

  2. Select Log Out

  3. You're returned to the login page

When to log out:

  • On shared or public computers

  • Before leaving your desk

  • When switching accounts

  • At the end of your work session

Automatic logout:

  • Sessions expire after extended inactivity

  • No explicit timeout shown in UI

  • Must log back in if session expires

Multiple Devices

Access from multiple devices:

  • Can be logged in on multiple devices simultaneously

  • Each device has its own session

  • Logging out on one device doesn't affect others

  • Changes sync across all logged-in sessions

Access Monitoring

Audit Logging

Glossa maintains comprehensive audit logs including:

  • Login attempts (successful and failed)

  • User actions (create, edit, delete)

  • Integration connections

  • Administrative changes

  • File uploads and downloads

Log access:

  • Not directly accessible to users

  • Available to Owners upon request

  • Used for security investigations

  • Retained for compliance purposes

Suspicious Activity

What Glossa monitors:

  • Failed login attempts

  • Unusual access patterns

  • Geographic anomalies

  • Integration authorization requests

If suspicious activity detected:

  • Glossa security team investigates

  • Account may be temporarily locked

  • Owner receives notification

  • Resolution assistance provided

Best Practices

Password Security

Create strong passwords:

  • At least 12 characters long

  • Mix of uppercase, lowercase, numbers, symbols

  • Not based on personal information

  • Unique to Glossa (not reused)

Use a password manager:

  • Generates strong passwords

  • Stores passwords securely

  • Auto-fills login forms

  • Syncs across devices

Account Protection

Protect your account:

  • Never share your password

  • Don't write passwords down

  • Log out on shared computers

  • Report suspicious emails claiming to be from Glossa

  • Verify Glossa URLs (glossapro.ai) before logging in

Social Login Security

If using social login:

  • Ensure your Google/Microsoft account is secure

  • Enable MFA on your social login provider

  • Monitor authorized applications

  • Revoke access if account compromised

Team Access Management

As an Owner:

  • Review member list regularly

  • Remove departed team members promptly

  • Verify new member invitations before sending

  • Monitor for unexpected account activity

As a Member:

  • Report suspicious activity to Owners

  • Don't share your login with colleagues

  • Use your own account (don't share credentials)

  • Notify Owners if you lose access to your email

Troubleshooting

Cannot Log In

If login fails:

  1. Verify email address is correct

  2. Check password (case-sensitive)

  3. Try Email sign-in code

  4. Try password reset if forgotten

  5. Try different browser or incognito mode

  6. Clear browser cache and cookies

  7. Contact support if issue persists

Social Login Not Working

If social login fails:

  1. Verify you're using the correct provider account

  2. Check you authorized Glossa in provider settings

  3. Try disconnecting and reconnecting provider

  4. Try regular password login instead

  5. Contact support if issue continues

Locked Out of Account

If your account is locked:

  1. Check email for notification from Glossa

  2. May be due to failed login attempts

  3. Contact [email protected] for assistance

  4. Provide account details and explanation

  5. Account can be unlocked after verification

Session Expired

If you get "session expired" message:

  1. Simply log in again

  2. This is normal after inactivity

  3. No action needed beyond re-authentication

  4. Your work is saved

Lost Access to Email

If you can't access your email:

  1. Cannot reset password without email access

  2. Contact [email protected] from alternate email

  3. Provide organization details for verification

  4. Account Owner can remove and re-invite you

  5. Use different email address for new invitation

Security Recommendations

For Owners

Administrative security:

  • Use strong passwords or social login with MFA

  • Review member access quarterly

  • Remove users within 24 hours of departure

  • Monitor integration connections

  • Verify billing information regularly

Organization security:

  • Only invite trusted internal team members

  • Don't share Glossa access with external stakeholders

  • Consider multiple organizations for sensitive projects

  • Document who has access and why

For All Users

Daily security:

  • Log out when done working

  • Don't access Glossa on public/shared computers

  • Report phishing attempts or suspicious emails

  • Verify you're on glossapro.ai before entering credentials

  • Keep your contact email secure

Integration security:

  • Only connect integrations you need

  • Review permissions before authorizing

  • Disconnect unused integrations

  • Monitor integration activity

Related Articles
Microsoft Teams
Managing Members
Organization Level Access
Common Issues & Troubleshooting
Zoom
Did this answer your question?