Access Controls
Manage access to your repositories and data with robust authentication and authorization controls. Configure MFA, API keys, session management, and enterprise SSO.
DevLyTicks provides multiple layers of access control to ensure only authorized users can access your data.
Security Layers:
- • Authentication - Verify user identity (who you are)
- • Authorization - Control what users can access (what you can do)
- • Session Management - Secure and time-limited sessions
- • Audit Logging - Track all access and changes
- • API Security - Secure programmatic access
GitHub OAuth (Recommended)
Single sign-on with your GitHub account for seamless integration.
- ✓ No password to remember
- ✓ Automatic team sync
- ✓ Leverages GitHub's security
- ✓ MFA support via GitHub
Magic Links
Passwordless authentication via email for quick, secure access.
- ✓ No password needed
- ✓ Secure, time-limited links
- ✓ Expires after 15 minutes
- ✓ One-time use only
Add an extra layer of security to your account with multi-factor authentication.
GitHub MFA
When using GitHub OAuth, enable MFA on your GitHub account for automatic protection
Organization Requirement
Organization owners can require MFA for all members (Enterprise plan)
Supported Methods
Authenticator apps (Google Authenticator, Authy), SMS, security keys (YubiKey, etc.)
Create and manage API keys for programmatic access to DevLyTicks analytics data.
API Key Features:
- • Multiple Keys - Create separate keys for different integrations
- • Scoped Permissions - Limit what each key can access
- • Expiration - Set automatic expiration dates for keys
- • Usage Tracking - Monitor API key usage and last access time
- • Instant Revocation - Revoke compromised keys immediately
- • Rate Limiting - Prevent abuse with automatic rate limits
Security Best Practice: Treat API keys like passwords. Never commit them to version control or share publicly.
DevLyTicks uses secure, time-limited sessions to protect your account.
Session Security
- • HttpOnly cookies
- • Secure flag (HTTPS only)
- • SameSite protection
- • CSRF tokens
- • Session fingerprinting
Session Duration
- • 7-day default lifetime
- • 30-minute idle timeout
- • Auto-logout on close (optional)
- • Remember me option (30 days)
- • Manual logout anytime
Track all access and changes to your organization for compliance and security monitoring.
Logged Events:
- • Authentication - Logins, logouts, failed attempts
- • Member Management - Invitations, role changes, removals
- • Repository Access - Repository additions and removals
- • Settings Changes - Organization and security settings
- • API Usage - API key creation, usage, and revocation
- • Data Export - When data is exported or downloaded
Retention: Audit logs retained for 90 days (1 year for Enterprise)
Restrict access to your organization from specific IP addresses or ranges.
Allowed IPs
Specify IP addresses or CIDR ranges that can access your organization
Emergency Access
Organization owners can temporarily bypass IP restrictions for emergency access
Enterprise customers can enable Single Sign-On via SAML 2.0 for centralized authentication.
Supported SSO Providers:
- • Okta
- • Microsoft Azure AD
- • Google Workspace
- • OneLogin
- • Custom SAML 2.0 providers
Contact Sales: SSO setup requires Enterprise plan and assistance from our team
Quickly revoke access when team members leave or security is compromised.
Remove Member
Immediately revokes all access to organization data and terminates active sessions
Revoke API Keys
Instantly invalidate compromised or unused API keys
Disconnect GitHub App
Removes DevLyTicks access to your GitHub repositories
- •Enable MFA - Require multi-factor authentication for all team members
- •Rotate API Keys - Regularly rotate API keys every 90 days
- •Review Audit Logs - Regularly check audit logs for suspicious activity
- •Least Privilege - Grant minimum permissions needed for each role
- •Offboarding - Immediately revoke access when team members leave