Auth Commands¶
Manage user authentication, roles, and access control from the command line.
Overview¶
The dango auth commands manage the built-in authentication system. Auth is enabled by default — dango init prompts for an admin password during project setup.
All 13 subcommands:
| Command | Description |
|---|---|
auth enable | Enable authentication |
auth disable | Disable authentication |
auth status | Show authentication status |
auth add-user | Create a new user |
auth list-users | List all users |
auth reset-password | Generate new temporary password |
auth change-role | Change a user's role |
auth deactivate-user | Soft-disable a user account |
auth reactivate-user | Re-enable a deactivated user |
auth delete-user | Permanently delete a user |
auth unlock | Unlock a locked-out account |
auth audit | Query the authentication audit log |
auth recover | Emergency admin account recovery |
Info
Auth commands manage user accounts and authentication. For OAuth provider connections (Google, Facebook), see OAuth Commands.
Enable / Disable¶
dango auth enable¶
Enable authentication for this project.
- 365-day session duration
- 24-hour idle timeout
- 30-day session duration
- 60-minute idle timeout
dango auth disable¶
Disable authentication for this project. All endpoints become accessible without login.
Warning
Disabling auth removes all access control. Anyone with network access to the platform can view and modify data.
User Management¶
dango auth add-user¶
Create a new user with an invite link or temporary password.
| Option | Default | Description |
|---|---|---|
--role [admin\|editor\|viewer] | — | User role |
--password | — | Generate a temporary password instead of an invite link |
--base-url TEXT | — | Base URL for invite links |
Roles:
| Role | Permissions |
|---|---|
admin | Full access: manage users, config, sources, and data |
editor | Manage sources, sync data, run transformations |
viewer | Read-only access to dashboards and data |
# Create user with invite link
dango auth add-user [email protected] --role editor
# Create user with temporary password
dango auth add-user [email protected] --role viewer --password
dango auth list-users¶
List all users with their roles and status.
dango auth reset-password¶
Generate a new temporary password for a user.
dango auth reset-password [email protected]
The user must change the temporary password on next login.
dango auth change-role¶
Change a user's role.
dango auth change-role [email protected] admin
dango auth change-role [email protected] viewer
dango auth deactivate-user¶
Soft-disable a user account. The user cannot log in but the account is preserved.
dango auth deactivate-user [email protected]
Use dango auth reactivate-user to re-enable.
dango auth reactivate-user¶
Re-enable a deactivated user account.
dango auth reactivate-user [email protected]
dango auth delete-user¶
Permanently delete a user account.
Danger
This permanently deletes the user and cannot be undone. Use deactivate-user for a reversible alternative.
dango auth delete-user [email protected]
dango auth unlock¶
Unlock a user account that was locked out due to failed login attempts.
dango auth unlock [email protected]
Audit & Recovery¶
dango auth audit¶
Query the authentication audit log.
| Option | Description |
|---|---|
--since TEXT | Filter events after date (YYYY-MM-DD) |
--type TEXT | Filter by event type |
--limit INTEGER | Max events to show |
# View recent auth events
dango auth audit
# Filter by date
dango auth audit --since 2024-12-01
# Filter by event type
dango auth audit --type login_failed --limit 50
dango auth recover¶
Create a recovery admin account for emergency use. Use when all admin accounts are locked out or inaccessible.
Tip
This is a last-resort command. It creates a new admin account that can be used to restore access to the system.
Remote User Management¶
For managing users on a deployed cloud server, use dango remote auth:
dango remote auth add-user [email protected] --role editor
dango remote auth list-users
dango remote auth remove-user [email protected]
dango remote auth reset-password [email protected]
See Deploy & Remote for details.
Troubleshooting¶
Forgot admin password
Run dango auth recover to create a recovery admin account, then use it to reset other passwords.
User locked out
Run dango auth unlock [email protected] to unlock the account. Accounts are locked after repeated failed login attempts.
Auth enabled but can't access platform
Check dango auth status to confirm auth is enabled. If you set DANGO_ADMIN_PASSWORD during init, that's the admin password. For automated testing/CI, use --skip-wizard or set the env var.
Related Pages¶
- CLI Reference — Quick reference for all commands
- OAuth Commands — OAuth provider connections (separate from user auth)
- Deploy & Remote — Remote server user management
- Authentication Guide — How authentication works in Dango