Astell DocumentationGetting startedWorkspaces and membersIntegrations and syncingChatLoopsPlans and billingAccount security
Account security

Account security

Secure your Astell account with passkeys and two-factor authentication, and manage sessions and connected apps.

Astell separates two layers of security: your account (how you sign in, covered here) and your workspace data (what each member can see, which is enforced by permission-aware search; see security practices).

Sign-in methods

You can sign in with a password, a magic link sent to your email, a connected OAuth provider (such as Google), or a passkey. Manage all of them under Account settings → Security.

Passkeys

Passkeys sign you in with your device's biometrics or screen lock instead of a password. They resist phishing and never leave your device.

Go to Account settings → Security → Passkeys and choose Add passkey.

Follow your browser's prompt (Touch ID, Face ID, Windows Hello, or a hardware key).

Name the passkey so you can recognize it later, and remove any passkey you no longer use from the same list.

Two-factor authentication

Two-factor authentication (2FA) adds a one-time code on top of your password.

Go to Account settings → Security → Two-factor authentication and choose Enable.

Scan the QR code with your authenticator app and confirm with a code from the app.

Store the recovery codes somewhere safe. They are the only way back in if you lose your device.

Active sessions

Account settings → Security → Active sessions lists every device currently signed in to your account, with its browser and last activity. Revoke any session you do not recognize; that device is signed out immediately.

Connected accounts and authorized apps

  • Connected accounts are OAuth providers you use to sign in or connect data (for example, Google). Each entry shows which workspaces use it. See Integrations and syncing for how connections feed data into workspaces.
  • Authorized applications are third-party clients you have granted access to your Astell data, for example an MCP client that searches your workspace. When an app requests access, Astell shows a consent screen listing exactly what it asked for (such as verifying your identity, reading your profile or email address, staying connected without re-authorizing, or searching a workspace's data through the Astell MCP server). You can allow or deny each request. See MCP integrations.

If you lose access

Password reset and locked-account recovery are covered step by step in the Help Center: password reset and email access and issues.

Compliance

Astell's compliance posture (SOC 2, HIPAA, GDPR, CCPA, DPA, SLA) is documented in the compliance and security section of the Help Center.

Plans and billing

Astell's plans, how tokens meter usage, and how to manage your subscription, seats, and invoices.

On this page

Sign-in methodsPasskeysTwo-factor authenticationActive sessionsConnected accounts and authorized appsIf you lose accessCompliance