Authentication

Authentication Methods

Refiner offers multiple authentication methods to make access secure and convenient for your team. Depending on your account setup, users can sign in using a traditional email and password combination, Google Sign-In, or Single Sign-On (SSO) with SAML. Authentication settings can be managed directly from your account and profile settings.

Email / Password

The default authentication method in Refiner is signing in with an email address and password.

If you forget your password, you can reset it directly from the login page using the password recovery option.

Users can also update their email address or password at any time from their profile settings under Account → Profile.

This authentication method is enabled for all accounts by default and does not require any additional setup.

Google Sign-In

Refiner also supports Google Sign-In for faster and more convenient access. Users can authenticate with their Google account directly from the login page without needing to manage a separate password.

Google Sign-In can be used alongside the Email / Password authentication methods available on your account.

Single Sign-On (SAML SSO)

As an alternative to Refiner’s built-in authentication system, it is also possible to enable Single Sign-On (SSO) using SAML. This allows your organization to authenticate users through your existing identity provider such as Okta, Azure AD, or Google Workspace.

Setting up SAML SSO requires manual configuration and coordination from our side and we might apply a small one-time setup fee. If you are interested in enabling SAML SSO for your account, please contact the Refiner support team for more information.

Once configured, SAML SSO can be enforced as the exclusive authentication method for your account.

Team Access

Refiner is designed to be used collaboratively across your entire organization. You can invite your full team to your account, and there are no limits on how many team members you can add. Team members can access surveys, results, integrations, and account settings depending on their assigned permissions. You can manage invitations and team access from the dedicated Team Access page in your account settings.

Two-Factor Authentication (2FA)

Refiner supports Two-Factor Authentication (2FA) to provide an additional layer of security for your account.

We strongly recommend enabling 2FA for all users to help protect account access. Once configured, users will be asked to provide a verification code during login in addition to their password.

Users can enable 2FA directly from their profile settings, where a QR code will be generated for setup with their preferred authentication app.

Account administrators can also enforce 2FA for the entire organization under Account → Security.

When enabled, all users on the account are required to configure 2FA before they can continue using Refiner.

Administrators can monitor which users have already completed their 2FA setup from the Account → Team page. This makes it easy to ensure that security requirements are consistently applied across the organization.

Session Duration

Refiner allows administrators to control how long users remain signed in while inactive. By default, users are automatically logged out after two hours of inactivity for security reasons. If your team prefers longer sessions, the inactivity timeout can be extended from the Account → Security page. This setting applies to all users within the account and helps balance convenience with account security.