faq.mdx

title	FAQ

This page covers a range of frequently asked questions about Sourcebot's built-in authentication system.

No, at this time it's not possible to disable the authentication system. If this is preventing you from deploying Sourcebot within your organization please [reach out](https://www.sourcebot.dev/contact) Every user must register an account within your Sourcebot deployment. However, this dosn't mean their access is restricted.

Unless member approval is required, anyone can sign up for an account on your deployment and immediately be granted access.

**No data related to authentication (or your code) leaves your deployment**. Authentication is handled purely by your deployment and the authentication providers you configure.

This data does not leave your device and is stored within in the database managed by your deployment. If you're
using credential login, passwords are encrypted at rest and in transit.

Please note that IAP bridges are an enterprise feature Sourcebot supports connecting your identity proxy directly into the built-in auth system using an IAP bridge. This allows Sourcebot to register and authenticate automatically on a successful identity proxy log in.

Sourcebot currently supports [GCP IAP](/docs/configuration/auth/providers#gcp-iap). If you're using a different IAP
and require support, please [reach out](https://www.sourcebot.dev/contact)

Sourcebot uses [Auth.js](https://authjs.dev/) as its underlying authentication framework. Auth.js provides authentication providers (credientials, Google, GitHub, etc) and an interface to enable user registration and log in. Internally, Auth.js uses JWT to provide Sourcebot secure and reliable information about user authentication.

Have a question that's not answered here? Submit it on our GitHub discussions page and we'll get back to you as soon as we can!