All updates
New feature

"Full authentication & session management — a complete Users console"

Project Authentication is now a complete identity console — a richer Users list with a per-user detail panel, realm-wide active sessions with one-click revoke, MFA management, configurable brute-force and password policies, phone numbers, and real client IPs with geolocation.

A real identity console for every project

Project Authentication grew from a simple user list into a full identity console — the kind of session and user management you'd expect from a hosted auth provider. It all lives under your project's Authentication screen, with new tabs alongside the existing Users, Settings, Providers, and Email.

Users — richer list + per-user detail drawer

The Users table now shows everything at a glance:

Click any row to open a detail drawer with the full picture of one user:

Sessions — see and control who is signed in

A new Sessions tab lists every active session across all users in the project, showing the user, IP address, location, the clients in use, and start / last-access times. You can revoke any session instantly.

To make this genuinely useful:

MFA — multi-factor authentication management

A new MFA tab lists every user with an enrolled factor (authenticator app / security key), showing the factor type and enrollment date. From here you can:

Policies — brute-force protection & password rules

A new Policies tab writes security policy straight to your project:

Quality of life

Open Authentication → Sessions in any project, sign in from another device, and watch the session — with its location — appear. Then try Revoke or Sign out of all sessions.