Frequently Asked Questions

Find answers to common questions about getting started with Authsec for AI applications and MCP servers.

General Questions

What is Authsec?

Authsec is a comprehensive authentication and authorization platform designed specifically for AI applications, agents, and MCP (Model Context Protocol) servers. It provides secure user authentication, role-based access control, and enterprise-grade security features optimized for AI workloads.

How is Authsec different from other auth providers?

Authsec is purpose-built for AI applications with features like:

  • Native support for AI agent authentication
  • MCP server integration capabilities
  • Context-aware authorization for AI conversations
  • Specialized rate limiting for AI operations
  • Built-in compliance for AI data handling

What programming languages are supported?

Authsec provides SDKs for:

  • JavaScript/TypeScript (Node.js and Browser)
  • Python
  • Java
  • .NET
  • Go
  • React Native (mobile)

Authentication Questions

What authentication methods does Authsec support?

Authsec supports multiple authentication methods:

  • Username/Password: Traditional email/password authentication
  • Social Logins: Google, Microsoft, GitHub, LinkedIn, Facebook, Twitter, Apple
  • Single Sign-On: OIDC and SAML 2.0 for enterprise integration
  • Multi-Factor Authentication: TOTP, SMS, email, biometrics
  • Passwordless: Magic links and biometric authentication
  • API Authentication: Client credentials, API keys, JWT tokens

How do I implement SSO for my organization?

For enterprise SSO integration:

  1. OIDC (Recommended): Modern OAuth 2.0-based authentication

    • Supports most modern identity providers
    • Easy to implement and maintain
    • Built-in security features
  2. SAML 2.0: For legacy enterprise systems

    • Works with Active Directory, ADFS, Okta, Azure AD
    • XML-based protocol with digital signatures
    • Comprehensive attribute mapping

See our OIDC Setup Guide or SAML Setup Guide for detailed instructions.

Can I customize the login page?

Yes! Authsec offers multiple customization options:

  • Basic Branding: Logo, colors, company name
  • Custom CSS: Complete visual customization
  • Custom HTML: Full control over login page design
  • Multiple Languages: Localization support
  • Mobile Optimization: Responsive design capabilities

Check out our Login Page Customization Guide for details.

AI and MCP Integration

How do I authenticate AI agents?

AI agents typically use the Client Credentials flow for service-to-service authentication:

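// Example AI agent authentication
const authsec = new AuthsecClient({
  domain: 'your-domain.authsec.com',
  clientId: 'your-ai-agent-client-id',
  // Placeholder: load the secret from an environment variable or key
  // management system rather than hard-coding it in source.
  clientSecret: 'your-client-secret'
});

// Request a token limited to the audience and scopes this agent needs
const token = await authsec.getClientCredentialsToken({
  audience: 'https://api.yourapp.com',
  scope: 'ai:generate ai:analyze'
});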

What are MCP servers and how do I secure them?

MCP (Model Context Protocol) servers provide context and capabilities to AI systems. Authsec secures MCP servers by:

  • Authenticating client connections
  • Validating access to specific tools and resources
  • Implementing rate limiting for AI operations
  • Providing audit logging for all activities

Can I control which AI models users can access?

Yes! Use Authsec's scope-based permissions to control AI model access:

// Define custom scopes for AI models
const aiScopes = [
  'ai:models:gpt4',   // Access to GPT-4
  'ai:models:claude', // Access to Claude
  'ai:generate',      // Text generation permission
  'ai:analyze',       // Analysis capabilities
  'mcp:tools:web',    // Web search tools
  'mcp:tools:calc'    // Calculator tools
];
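Issuing scopes only helps if the API or MCP server checks them on every request. The following is an added example, not Authsec SDK code, of a deny-by-default check over the scopes listed above; `REQUIRED_SCOPES`, `parseScopes`, `authorize` and the resource keys such as `model:gpt4` are hypothetical names, and `claims` is assumed to come from a token whose signature has already been verified.

```javascript
// Added example: illustrative names, not Authsec SDK APIs.
// Each resource lists every scope a caller must hold to reach it.
const REQUIRED_SCOPES = new Map([
  ['model:gpt4',   ['ai:models:gpt4', 'ai:generate']],
  ['model:claude', ['ai:models:claude', 'ai:generate']],
  ['tool:web',     ['mcp:tools:web']],
  ['tool:calc',    ['mcp:tools:calc']],
]);

function parseScopes(claims) {
  // OAuth 2.0 scopes arrive as one space-delimited string (RFC 6749, section 3.3).
  const raw = typeof claims.scope === 'string' ? claims.scope : '';
  return new Set(raw.split(' ').filter(Boolean));
}

function authorize(claims, resource, audience, nowSec = Date.now() / 1000) {
  // Reject tokens with a missing, non-numeric or past expiry.
  if (typeof claims.exp !== 'number' || nowSec >= claims.exp) {
    return { allowed: false, reason: 'token expired' };
  }
  // The aud claim may be a single string or an array of strings.
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(audience)) {
    return { allowed: false, reason: 'wrong audience' };
  }
  // Deny by default: a resource with no entry is never reachable.
  const required = REQUIRED_SCOPES.get(resource);
  if (!required) return { allowed: false, reason: 'unknown resource' };
  // Exact string match only, so a scope never matches by prefix.
  const granted = parseScopes(claims);
  const missing = required.filter((s) => !granted.has(s));
  return missing.length === 0
    ? { allowed: true, reason: 'ok' }
    : { allowed: false, reason: 'missing scope: ' + missing.join(' ') };
}

// Constructed sample claims: an agent allowed to use Claude and the calculator.
const sampleClaims = {
  aud: 'https://api.yourapp.com',
  exp: Math.floor(Date.now() / 1000) + 300,
  scope: 'ai:generate ai:models:claude mcp:tools:calc',
};
```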

Security Questions

How secure is Authsec?

Authsec implements enterprise-grade security:

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Compliance: SOC2, GDPR, HIPAA compliant
  • Standards: Implements OAuth 2.0, OIDC, SAML 2.0 standards
  • Monitoring: Real-time threat detection and prevention
  • Auditing: Comprehensive audit logs for all activities

What is Multi-Factor Authentication (MFA)?

MFA adds extra security by requiring multiple verification methods:

  • Something you know: Password or PIN
  • Something you have: Phone, authenticator app, hardware key
  • Something you are: Biometrics (fingerprint, face, voice)

Authsec supports TOTP apps, SMS, email, and biometric authentication. See our MFA Setup Guide.

How do I handle token expiration?

Implement automatic token refresh in your application:

// Automatic token refresh
// getCurrentToken, isTokenExpired and refreshToken are helpers your
// application provides.
async function makeAuthenticatedRequest(url, options = {}) {
  let token = getCurrentToken();

  // Check if token is expired
  if (isTokenExpired(token)) {
    token = await refreshToken();
  }

  return fetch(url, {
    ...options,
    headers: {
      ...options.headers,
      'Authorization': `Bearer ${token}`
    }
  });
}
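The snippet above leaves the expiry check and the refresh call undefined. The following added example, which is not Authsec SDK code, shows one way to write them: an expiry check with a clock-skew margin that treats unreadable tokens as expired, and a refresh wrapper that lets concurrent requests share a single refresh call. `decodeJwtPayload`, `createTokenManager` and `makeSampleToken` are hypothetical names, and the token is assumed to be a JWT with an `exp` claim.

```javascript
// Added example: illustrative helpers, not Authsec SDK functions.

// Read the payload without verifying it. This only decides when to refresh;
// the API that receives the token must still verify its signature.
function decodeJwtPayload(token) {
  const part = String(token).split('.')[1];
  if (!part) throw new Error('not a JWT');
  return JSON.parse(atob(part.replace(/-/g, '+').replace(/_/g, '/')));
}

// Expired means "at or past exp minus a skew margin". A token that cannot be
// read, or has no numeric exp, counts as expired so a new one is fetched.
function isTokenExpired(token, skewSeconds = 60, nowMs = Date.now()) {
  try {
    const { exp } = decodeJwtPayload(token);
    return typeof exp !== 'number' || nowMs / 1000 >= exp - skewSeconds;
  } catch {
    return true;
  }
}

// Single-flight refresh: callers that arrive while a refresh is running
// receive the same promise instead of starting another refresh.
function createTokenManager(fetchNewToken, initialToken = null) {
  let token = initialToken;
  let inFlight = null;
  return function getToken() {
    if (token && !isTokenExpired(token)) return Promise.resolve(token);
    if (!inFlight) {
      inFlight = new Promise((resolve) => resolve(fetchNewToken()))
        .then((fresh) => { token = fresh; return fresh; })
        .finally(() => { inFlight = null; }); // a failed refresh can be retried
    }
    return inFlight;
  };
}

// Constructed sample token: unsigned, only the exp claim matters here.
function makeSampleToken(expSeconds) {
  const body = btoa(JSON.stringify({ exp: expSeconds }))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `e30.${body}.sig`;
}
```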

Integration Questions

How long does integration take?

Integration time varies by complexity:

  • Basic Authentication: 1-2 days
  • Social Logins: 2-3 days
  • Enterprise SSO: 1-2 weeks
  • Custom UI: 1-2 weeks
  • Full Enterprise Setup: 2-4 weeks

Do you provide migration assistance?

Yes! Authsec offers migration support:

  • Documentation: Comprehensive migration guides
  • Tools: Automated migration scripts where possible
  • Support: Technical support during migration
  • Professional Services: Full-service migration for enterprise customers

Can I test Authsec before implementing?

Absolutely! We recommend:

  1. Free Developer Account: Sign up for a free account
  2. Sandbox Environment: Test all features safely
  3. Sample Applications: Use our example implementations
  4. Documentation: Follow step-by-step guides
  5. Support: Reach out with questions

Billing and Pricing

Is there a free tier?

Yes! Authsec offers a generous free tier:

  • Up to 1,000 monthly active users
  • All authentication methods
  • Basic MFA support
  • Community support
  • Standard SLA

How does pricing scale?

Pricing is based on monthly active users (MAU):

  • Free: 0-1,000 MAU
  • Starter: 1,001-10,000 MAU
  • Professional: 10,001-100,000 MAU
  • Enterprise: Custom pricing for 100,000+ MAU

Enterprise plans include advanced features like:

  • 99.9% SLA guarantee
  • Priority support
  • Custom integrations
  • Dedicated infrastructure

What about AI-specific pricing?

AI operations may have additional costs:

  • API Calls: Rate-limited based on plan
  • Token Generation: High-volume token operations
  • Custom Models: Access to specific AI models
  • Data Processing: Large-scale data analysis

Contact sales for AI-specific pricing details.

Troubleshooting

My login is not working. What should I check?

Common login issues and solutions:

  1. Check Credentials: Verify client ID and secret are correct
  2. Callback URLs: Ensure redirect URIs match exactly
  3. Network: Check for firewall or proxy issues
  4. Certificates: Verify SSL certificates are valid
  5. Logs: Check browser console and network tab for errors

How do I debug authentication issues?

Enable debug mode in your SDK:

const authsec = new AuthsecClient({
  domain: 'your-domain.authsec.com',
  clientId: 'your-client-id',
  debug: true // Enable detailed logging
});

Also check:

  • Browser developer tools
  • Authsec dashboard logs
  • Network request/response details
  • Token contents (use jwt.io)

Where can I get help?

Support options:

  • Documentation: Comprehensive guides and API reference
  • Community Forum: Developer community discussions
  • Support Tickets: Technical support (paid plans)
  • Professional Services: Implementation assistance
  • Status Page: Service availability and incidents

How do I report security issues?

For security vulnerabilities:

  • Email: security@authsec.com
  • Response Time: Acknowledgment within 24 hours
  • Process: Responsible disclosure program
  • Rewards: Bug bounty program available

Never post security issues in public forums or repositories.

Best Practices

What are the security best practices?

  1. Store Secrets Securely: Use environment variables or key management
  2. Use HTTPS: Always encrypt data in transit
  3. Validate Tokens: Check signatures and expiration
  4. Implement MFA: Require multi-factor authentication
  5. Monitor Activity: Set up logging and alerting
  6. Regular Updates: Keep SDKs and dependencies current

How should I handle errors?

Implement comprehensive error handling:

async function handleAuthentication() {
  try {
    const result = await authsec.authenticate();
    return result;
  } catch (error) {
    switch (error.code) {
      case 'INVALID_CREDENTIALS':
        return showLoginError('Invalid username or password');
      case 'MFA_REQUIRED':
        return redirectToMFA();
      case 'ACCOUNT_LOCKED':
        return showAccountLocked();
      default:
        return showGenericError();
    }
  }
}

What about performance optimization?

Performance tips:

  • Token Caching: Cache valid tokens to reduce API calls
  • Connection Pooling: Reuse HTTP connections
  • Async Operations: Use async/await for non-blocking operations
  • Rate Limiting: Implement client-side rate limiting
  • Monitoring: Track performance metrics

Still have questions? Check our full documentation or contact support.