Authentication & Security
Sign in with email, Google, or Microsoft - with optional two-factor authentication you can enforce across your entire workspace
Overview
Instafill.ai supports three ways to sign in: email, Google, and Microsoft. When you register with an email address, Instafill.ai verifies your account by sending a one-time code to that email before granting access. When you sign in with Google or Microsoft, authentication is handled directly by those providers - Instafill.ai never receives or stores your Google or Microsoft password.
Two-factor authentication is available to all users and adds an SMS verification step on top of your primary sign-in method. Organization owners can enforce 2FA for all workspace members, ensuring every account in the workspace is protected regardless of individual preference.
All connections use Transport Layer Security (TLS) 1.2 or higher. The full security overview is at instafill.ai/security.
Sign-In Methods
Register with an email address and a first and last name. The sign-up form is protected by Cloudflare verification, which runs automatically before your account is created. Passwords are never stored in plain text.
Sign in using your existing Google account. Authentication is handled directly by Google - Instafill.ai receives only your email address and display name, and never your Google password. Google manages its own identity protection, fraud detection, and MFA enforcement at the provider level.
Microsoft
Sign in using your existing Microsoft account. The same pattern applies - authentication is handled by Microsoft, and only your email and display name are shared with Instafill.ai. No Microsoft password is transmitted to or stored by Instafill.ai.
Two-Factor Authentication
When 2FA is enabled, signing in requires both your primary credential and a one-time SMS verification code sent to your registered phone. Even if a password is compromised, an attacker cannot access the account without the SMS code.
2FA is optional at the user level. Organization owners can enforce it for all workspace members from the organization settings - this ensures every account in the workspace has 2FA active without relying on individuals to enable it themselves.
Full details on the two-factor authentication feature page.
Use Cases
Healthcare practices filling CMS-1500 claims or physician credentialing packets use workspace access controls to ensure only the right staff can see the right form sets. Hawkeye Physicians reduced credentialing time from 3-4 hours per packet to under 30 minutes - workspace access controls ensure completed credential packets are visible only to authorized staff.
Immigration law firms handle passport scans, financial records, and visa application data for individual clients. Workspace isolation and 2FA enforcement ensure client data is protected at the account level, not just by policy.
Teams using Google Workspace or Microsoft 365 sign in with existing corporate credentials. No new password to manage, no separate Instafill.ai credential to rotate - authentication reuses the identity provider already managed by the organization's IT team.
Organizations with compliance requirements enforce 2FA for all workspace members from a single setting in organization management, rather than auditing individual accounts.
Benefits
| Benefit | What it means |
|---|---|
| Cloudflare verification on sign-up | The registration form runs Cloudflare verification automatically, blocking automated account creation before any credentials are processed |
| No password stored for OAuth sign-ins | When using Google or Microsoft, Instafill.ai never sees or stores your password. Authentication security is managed by the provider you already trust |
| Provider-managed MFA | Google and Microsoft accounts with MFA enabled at the provider level bring that protection into Instafill.ai automatically |
| Organization-wide 2FA enforcement | One setting in organization management applies 2FA to every member, with no per-user configuration required |
| Email verification on registration | New email accounts require a one-time code before access is granted, preventing unauthorized account creation |
| TLS in transit | All authentication traffic is encrypted using TLS 1.2 or higher |
Security
Passwords are never stored in plain text. Social login with Google or Microsoft means Instafill.ai never handles those passwords at all.
All authentication traffic uses TLS 1.2 or higher. All data is hosted on Microsoft Azure infrastructure.
For security disclosures, contact [email protected].
Common Questions
Which sign-in method should I use?
If your team already uses Google Workspace or Microsoft 365, sign in with Google or Microsoft. It is simpler - no new password to manage - and authentication security is handled by the provider your organization already manages. Instafill.ai receives only your email address and display name.
Use email sign-in if your organization does not use Google or Microsoft accounts, or if you prefer credentials that are independent of a third-party provider.
Is my data safe if I use Google or Microsoft sign-in?
Yes. Instafill.ai receives only your email address and display name from the OAuth exchange. Your Google or Microsoft password is never transmitted to or stored by Instafill.ai.
Your form data in Instafill.ai is scoped to your workspace and has no connection to your Google or Microsoft account contents. You can revoke Instafill.ai's access at any time from your Google or Microsoft account security settings.
How do I enable two-factor authentication?
Go to your account settings and enable 2FA. Once enabled, each sign-in will require your password plus a one-time SMS code sent to your registered phone number.
If you are an organization owner and want to require 2FA for everyone in the workspace, you can enforce it from the organization settings. This applies to all current and new members.
What if I lose access to my phone for 2FA?
Contact the Instafill.ai support team to verify your identity and temporarily disable 2FA so you can regain access.
Can I require all my team members to use 2FA?
Yes. Organization owners can enforce 2FA for all workspace members from organization settings. Once enforced, all members must have 2FA active before they can access the workspace. See Organization Management for how workspace-level policies are configured.
What information does Instafill.ai receive from Google or Microsoft?
Only your email address and display name. Instafill.ai does not receive access to your inbox, calendar, contacts, files, or any other account contents. The OAuth exchange is limited to identity verification only.