> ## Documentation Index
> Fetch the complete documentation index at: https://docs.sherpo.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Let users log in via email or Google — they are your customers, not ours.

Every Sherpo-generated site ships with a secure authentication layer by default, so your customers can log in, access their purchases, and manage their profile, all under your brand. You don't need to wire up OAuth or manage sessions yourself: Sherpo handles it automatically for every site (e.g., `yoursite.sherpo.io`).

***

## How customers log in

### Entry points

Every Sherpo-generated site includes a **Sign in** button in the header. Once logged in, this button turns into a profile avatar linking to their dashboard.

<Frame>
  <img className="rounded-xl mr-auto" src="https://mintcdn.com/sherpo/Qr9kWVqTqzO2ErB4/images/signin-header.png?fit=max&auto=format&n=Qr9kWVqTqzO2ErB4&q=85&s=453a95427900726623a6dada76f41400" alt="Sherpo-generated site header" title="Sign-in to a Sherpo-generated site" width="1142" height="114" data-path="images/signin-header.png" />
</Frame>

***

### Email magic links

By default, visitors enter their email address and receive a **secure code** via email to complete the sign-in process.

This is a **passwordless flow**: faster, simpler, and more secure on mobile.

<Frame>
  <img className="rounded-xl mr-auto" src="https://mintcdn.com/sherpo/F9Inziwr2FQcq_MD/images/access-code.png?fit=max&auto=format&n=F9Inziwr2FQcq_MD&q=85&s=7816df52ad04051c214819e4159d275c" alt="Sherpo access code sent to the inbox" title="Access code for Sherpo login" width="1184" height="800" data-path="images/access-code.png" />
</Frame>

***

### Google sign-in

Sherpo includes **Google OAuth** out of the box. Visitors can simply click **Sign in with Google** and complete the flow without leaving your site.

<Frame>
  <img className="rounded-xl mr-auto" src="https://mintcdn.com/sherpo/Qr9kWVqTqzO2ErB4/images/auth.png?fit=max&auto=format&n=Qr9kWVqTqzO2ErB4&q=85&s=31b45d5c2d07f93078c6c77fe8c7e785" alt="Authentication screen for Sherpo-generated site" title="Log in to a Sherpo-generated site" width="1136" height="812" data-path="images/auth.png" />
</Frame>

***

### Security and session management

* All authentication flows are secured through **Cloudflare**, protecting against bots and spam logins.
* Once logged in, users stay signed in across your Sherpo-generated site, until they log out or the session expires.

<Tip>
  Unlike other platforms, customers who sign in to your Sherpo-generated site are **not** signed in to other Sherpo sites. They are 100% **your customers**, not ours, or anyone else’s.
</Tip>

***

## FAQ

<AccordionGroup>
  <Accordion title="Can I disable Google sign-in?">
    No. Google OAuth is currently built-in and active by default to maximize ease of access and reduce login friction.
  </Accordion>

  <Accordion title="Do users need passwords to log in?">
    No. For security reasons, Sherpo uses **passwordless magic links** for email-based login. Customers simply enter their email and receive a one-time code to confirm their identity.
  </Accordion>

  <Accordion title="Can I view who signed in?">
    Each login event is linked to a valid order, product access, or free unlock. You can then track authenticated customers in your **Sales** and **Customers** dashboard.
  </Accordion>

  <Accordion title="Does Sherpo share user data across creators?">
    Never. Authentication is scoped to your domain (e.g., `yoursite.sherpo.io`). Each site has its own isolated user base, ensuring **data privacy** and **ownership** for every creator.
  </Accordion>

  <Accordion title="Do customers stay logged in across devices?">
    Sessions are persistent but device-specific. Customers logging in on a new device will need to reauthenticate via email or Google.
  </Accordion>

  <Accordion title="Can I customize the login page?">
    You can customize your site branding, logo, and accent colors: these apply automatically to the site. The structure of the authentication is not editable.
  </Accordion>

  <Accordion title="What happens if someone enters the wrong email?">
    Sherpo never exposes account existence information. Users who enter a non-existent or incorrect email will simply not receive a code, keeping your user base private and protected.
  </Accordion>
</AccordionGroup>
