General configuration
General configuration options for Supabase Auth
This section covers the general configuration options for Supabase Auth. If you are looking for another type of configuration, you may be interested in one of the following sections:
- Policies to manage Row Level Security policies for your tables.
- Sign In / Providers to configure authentication providers and login methods for your users.
- Third Party Auth to use third-party authentication (TPA) systems based on JWTs to access your project.
- Sessions to configure settings for user sessions and refresh tokens.
- Rate limits to safeguard against bursts of incoming traffic to prevent abuse and maximize stability.
- Email Templates to configure what emails your users receive.
- Custom SMTP to configure how emails are sent.
- Multi-Factor to require users to provide additional verification factors to authenticate.
- URL Configuration to configure site URL and redirect URLs for authentication.
- Attack Protection to configure security settings to protect your project from attacks.
- Auth Hooks (BETA) to use Postgres functions or HTTP endpoints to customize the behavior of Supabase Auth to meet your needs.
- Audit Logs (BETA) to track and monitor auth events in your project.
- Advanced to configure advanced authentication server settings.
Supabase Auth provides these general configuration options to control user access to your application:
-
Allow new users to sign up: Users will be able to sign up. If this config is disabled, only existing users can sign in.
-
Confirm Email: Users will need to confirm their email address before signing in for the first time.
- Having Confirm Email disabled assumes that the user's email does not need to be verified in order to login and implicitly confirms the user's email in the database.
- This option can be found in the email provider under the provider-specific configuration.
-
Allow anonymous sign-ins: Allow anonymous users to be created.
-
Allow manual linking: Allow users to link their accounts manually.