Skip to main content
Beebole signs everyone in without passwords. Instead, you confirm your identity with a one-time code emailed to you, a passkey, your Google or Microsoft account, or your organization’s single sign-on (SSO) provider. Because there is no password to create, forget, or reset, there is nothing for an attacker to steal or reuse.
Every sign-in method matches against the email address on a person’s Beebole profile. To sign in, that email must already belong to an active person in your Beebole account.

Sign-in methods

Beebole offers four ways to sign in. A person can use whichever is most convenient on a given device.
MethodHow it worksSetup needed
Email codeBeebole emails a one-time 6-digit code; you enter it to sign inNone — available by default
PasskeyYour device unlocks sign-in with a fingerprint, face, or hardware keyEnable once per device
Google or MicrosoftYou sign in through your existing Google or Microsoft accountNone for the person; for Google, an admin can link the domain for SSO enforcement
SSOYou sign in through your organization’s identity providerAn admin configures it on Account Settings

Email code

The email code is the default method. Enter your email address on the Beebole sign-in page, and Beebole sends a one-time 6-digit code to your inbox. Enter the code to finish signing in. The code is single-use and expires after a short time — request a new one if it does not arrive, and check your spam folder.

Passkey

A passkey signs you in with your device’s built-in security — a fingerprint, face recognition, or a hardware security key — so you skip the email code entirely. Passkeys are phishing-resistant because the credential never leaves your device. Enable a passkey from your user menu:
1

Open the user menu

Click the button with your initials at the bottom of the sidebar.
2

Enable the passkey

Click Enable passkey and follow your browser’s prompts to register a fingerprint, face, or hardware key.
Enable passkey appears in the user menu only on devices that support passkeys and only when your account does not already have one registered.

Google and Microsoft sign-in

You can sign in with an existing Google or Microsoft account, which is convenient for teams already using Google Workspace or Microsoft 365. Beebole matches the Google or Microsoft account’s email address to your Beebole profile, so the two must use the same email address.

Single sign-on (SSO)

Single sign-on lets your whole team authenticate through your organization’s identity provider using OpenID Connect. An administrator configures it on the Single Sign-On panel of Account Settings. Beebole supports three providers, each on its own tab: Google, Microsoft, and Custom OpenID (for providers such as Okta, Auth0, or Microsoft Entra ID).
Open the Single Sign-On panel from Account Settings — the page you reach through Settings > Account Settings. SSO is configured on the organization itself, not as a separate menu item. All SSO settings save automatically as you change them.
The Custom OpenID tab is available on higher-tier plans. If your plan does not include it, only the Google and Microsoft tabs appear. See Subscription & Billing for what each plan includes.

Google SSO

1

Open the Google tab

On Account Settings, open the Single Sign-On panel and select the Google tab.
2

Link a domain

Type your organization’s email domain in the Linked domains field and click Add. People whose email matches a linked domain are sent to Google sign-in. Click Remove next to a domain to unlink it.
3

Provision new people automatically (optional)

Turn on Automatically create new users on first SSO login to create a person automatically the first time someone with a matching domain signs in.
4

Require Google sign-in (optional)

Turn on Disable interactive sign-in. Only Google sign-in allowed. to block the email-code method for your organization.

Microsoft SSO

On Account Settings, open the Single Sign-On panel and select the Microsoft tab. To require everyone to authenticate through Microsoft, turn on Disable interactive sign-in. Only Microsoft sign-in allowed.

Custom OpenID

The Custom OpenID tab connects any OpenID Connect-compatible provider.
1

Open the Custom OpenID tab

On Account Settings, open the Single Sign-On panel and select the Custom OpenID tab.
2

Enter your provider details

Fill in the Issuer URL, Client ID, and Client Secret from your identity provider. If your provider does not support OpenID Connect discovery, turn on Other provider and enter the Authorization URL and Token URL by hand instead of the issuer.
3

Configure your provider

Copy the Initiate URI and Callback URI shown in Beebole (each has its own Copy button) and paste them into your identity provider’s application settings.
4

Require this provider (optional)

Turn on Disable interactive sign-in. Only this SSO provider allowed. to block all other sign-in methods.
Before turning on a Disable interactive sign-in toggle, confirm SSO works by signing in as a test user. If your identity provider becomes unavailable while enforcement is on, your team is locked out until you turn the toggle back off.

API keys

Each person has one API key for Beebole’s GraphQL API. Beebole creates the key automatically the first time you open it — there is no key to add, and no expiration to set.
1

Open the user menu

Click the button with your initials at the bottom of the sidebar.
2

Open API Key

Click API Key. Your key is shown, partly masked.
3

Copy or reset the key

Click Copy to copy the full key to your clipboard. Click Reset to revoke the current key and generate a new one.
Treat your API key like a credential — never share it or commit it to source control. If it is exposed, click Reset to revoke it and issue a new one immediately. Any integration using the old key stops working until you update it.

Sign in as another person

Administrators can sign in as another person to troubleshoot a problem or confirm what that person sees. You start this from your own user menu, not from the other person’s profile.
1

Open the user menu

Click the button with your initials at the bottom of the sidebar.
2

Choose Sign in as…

Click Sign in as…. A search box opens listing the people in your account — pick the one you want.
3

Return to your own account

Click Stop to end the session and return to your own account.
Sign-in-as activity is recorded in the audit trail, attributed to the administrator who started it. The option appears only for people with the Admin role.

Related content

Account Settings

Configure your organization, including the Single Sign-On panel.

Roles & permissions

Control what each person can see and do in Beebole.

Audit Trail

Review a log of actions taken in your account, including sign-in-as.

API Introduction

Authenticate to the Beebole GraphQL API with your API key.

Frequently asked questions

Beebole has no passwords. You sign in with a one-time 6-digit code sent to your email, or more quickly with a passkey, your Google or Microsoft account, or your organization’s SSO provider. With no password to steal or reuse, there is nothing to forget or reset.
Yes. As long as your organization has not turned on a Disable interactive sign-in toggle, you can sign in with the email code, a passkey, or a linked Google or Microsoft account — whichever is handiest on the device you are using.
On Account Settings, open the Single Sign-On panel, select your provider’s tab, and turn on its Disable interactive sign-in toggle. This blocks the email-code method so everyone must authenticate through the configured provider.
Confirm they are using the exact email address on their Beebole profile, and ask them to check their spam folder for the 6-digit code. As an administrator, you can use Sign in as… from your user menu to see Beebole as they do.
One. Beebole creates a single API key per person automatically and offers Copy and Reset actions for it. Resetting revokes the old key and issues a new one — there are no multiple keys and no expiration dates to manage.