Registration and Login
Sign-up, email verification, OAuth third-party login, two-factor, and device trust.
From account registration to first login, as well as two-factor, OAuth, device trust, and email verification related to account security, it's all on this page.
Register
Invitation Only / Open Registration
Braidrun is currently in the invitation-only beta period. Two paths:
- There is an invitation code — Use it directly.
- No invitation code — Leave your email address in the "Apply for Invitation Code" form on the homepage and we will send it when the quota opens.
Registration Method ①: Email + Password
- Open /register.
- Fill in your email address, password (more than 8 characters, including letters + numbers), invitation code, and graphic verification code.
- Submit → Receive an email verification email.
- Click the link in the email to activate your account - you cannot create/save/execute workflows without activation.
Registration Method ②: Third-Party Login (OAuth/SSO)
Braidrun supports the following third-party identity logins. Which providers are available depend on the deployment instance you are currently accessing:
- International:Google · GitHub · GitLab · Microsoft · Slack · LinkedIn · Lark
- China:Feishu · DingTalk / DingTalk · Gitee
- Enterprise Self-Hosted SSO:Standard OpenID Connect (OIDC) - usually connected to Keycloak / Authentik / Okta / Auth0 / Google Workspace SSO, etc.
- All provider buttons enabled for the current deployment are displayed at the bottom of the login page.
- Click the corresponding button → jump to the provider authorization page, and jump back to Braidrun after agreeing.
- The system automatically creates an account using the email returned by OAuth (if the email has been registered, it will automatically "merge" the two login methods, allowing you to use both password and OAuth in the future).
- If the invitation code mechanism is enabled, you will need to add the invitation code when logging in for the first time.
- Check the spam box;
- Log in to the account settings and click "Resend verification email";
- Still fails: Change an email address (business/school email addresses may block external verification emails);
- The invitation email is sent within 15 minutes; the verification email is sent within 1 minute.
Log in
Login page /login supports:
- Email + password + graphic verification code
- Google / GitHub OAuth
- Magic Link (no password) - enter your email and we will send you a one-time login link
After a successful login, the session is valid for 7 days by default; if "Remember Device" is checked, it is extended to 30 days.
Two-Factor Authentication (2FA)
It is highly recommended to enable it, especially if you assume the role of Admin/Owner in the Team.
Start Steps
- "Account Settings" → Security → "Turn on two-step verification".
- Scan the QR code with Authy / Google Authenticator / 1Password.
- Enter the 6-digit verification code to confirm binding.
- The platform displays 10 backup recovery codes – saved to a password manager.
2FA On Login
After turning it on, enter the password first and then the current 6-digit TOTP every time you log in. Don't ask again for 30 days after the device is trusted.
Recovery Code
Use recovery codes to log in when you lose your phone - each code can only be used once, and if you use more than 5, you will be prompted to regenerate a batch.
Device Trust
After checking "Remember this device" when logging in, the current browser will save a long-term token:
- 7 days → valid for 30 days
- It will become invalid if no operation is performed within 30 days.
- Can be viewed/revoked in Account Settings → Security → "Trusted Devices"
Login Exception Handling
Password Error Lock
Locked for 15 minutes after 5 consecutive incorrect passwords. If you want to unlock it immediately, you can only reset it through "Forgot Password".
Forgot Password
- Login page → "Forgot password".
- Enter your email address → receive the reset email → click the link.
- Set a new password on the new page - the link is valid for 1 hour and can only be used once.
Suspicious Login Alarm
We'll send you an email when you sign in from a new device/location. If it's not you, click "Log out all + change password" in the email immediately.
Account Logout
"Account Settings" → Bottom → "Cancel Account". Logout process:
- Make sure you are not the sole owner of any Team (if so, transfer ownership first).
- Confirm to discard all personal workflows and credentials (you can export them first).
- Enter email + password + 2FA confirmation.
- The account is immediately marked as DELETED and can be logged in and restored during the 30-day cooling-off period; after that, the data is completely cleared.
Next
- Account Settings — Change profile / notification preferences / API token
- BYOK · Bring Your Own LLM Key — Make workflows use your own LLM account