Authentication at Figures

Figures only allows sign-in via Google Workspace or Microsoft 365 using OAuth 2.0 for security, avoiding vulnerable email/password logins.

Updated over a month ago

Authenticating with Google or Microsoft

The only way to sign up and log in to the Figures platform is to connect with a Google Workspace or Microsoft 365 account. Under the hood, both connection methods use OAuth 2.0, the industry-standard authorization protocol.

Why OAuth 2.0

Most online tools require you to create and remember a login and password. This creates an incredibly wide attack surface on your company’s data: on the one hand, different tools will have vastly differing security practices, and on the other hand, your users will have vastly differing security awareness. The bottom line is that you end up with a large number of passwords, possibly weak and insecure, stored in a possibly insecure way in a large number of databases you can’t control or audit.

For this reason, we at Figures do not and will not store passwords in our databases. This is intended to give you a maximum of both security and control:

  • The technical aspects are assured by providers (Microsoft / Google) who are known to have best-in-class security practices.

  • The human aspect is under your control: only you can give access to your Figures data, first by creating an email address on your domain, then by having your Figures admin authorize access for this specific address.

Your data at Figures

By design, OAuth authentication flows only involve a minimum amount of data directly necessary for the purpose of identifying a user.

When you connect to Figures through Microsoft or Google, our servers receive the following fields. Not all of these fields are currently stored in our database; the rest are discarded upon receipt:

Field | Stored | Comment
Provider ID | | A random-looking string of characters that identifies the account in the provider’s database.
Email address | |
First and last names | |
Profile picture | | The public profile picture, which can be seen for example when the user sends an email.
Gender | |
Profile link | |
Preferred language | |
Job title | |
Phone numbers | | Microsoft only

Italicized items are optional and only provided if they are present in the account.

Here is the documentation of the tools used in our OAuth 2.0 authentication flow:

How does "Sign-in with a login link" work?

If you use neither Microsoft nor Google within your company, then you can request an individual Login Link via "Sign-in with a Login Link" to gain access to Figures.

A precondition for gaining access to Figures this way, as with any of the other login options, is that we have already registered your email address as a user credential in our backend.

To receive the Login Link, just click on "Sign-in with a Login Link" and enter your email address. You will receive an email with the respective Login Link (valid 24 hours) in your inbox. By clicking on it you will gain direct access to your Figures account.

Keep in mind that each Login Link can only be used once, so you have to generate a new one each time you want to access your Figures account.

Why isn't it possible to login using email and password?

We chose not to allow the traditional email/password sign-in method for security reasons, as it is known to be one of the most commonly exploited attack vectors.
