Skip to content
PropelAuth BYO Documentation

Dashboard Access

The PropelAuth BYO dashboard gives your team a powerful interface for managing authentication - from resetting passkeys to terminating sessions to configuring SSO connections. Here’s how to control access.

Separating Dashboard from API Traffic

Section titled “Separating Dashboard from API Traffic”

BYO lets you run the dashboard on a different port than your API:

Terminal window
PORT=2884           # Your API traffic
DASHBOARD_PORT=3000 # Dashboard access

This simple separation enables powerful network-level controls. Your API remains accessible to your backend services while the dashboard stays locked down.

Access Patterns

Section titled “Access Patterns”

Teams typically choose one of these approaches:

  • VPN-Only Access: Place the dashboard port behind your corporate VPN. Only employees on the VPN can reach it.
  • Private Subnet: Run BYO in a private subnet with the dashboard port only accessible from internal networks.
  • IP Allowlisting: Use your load balancer or firewall to restrict dashboard access to specific IP ranges.

First Login

Section titled “First Login”

When you first deploy BYO, access the dashboard using:

  • Username: The value you set for INITIAL_OWNER_USERNAME
  • Password: thispasswordistemporary

You’ll be required to change this password immediately.

Managing Dashboard Users

Section titled “Managing Dashboard Users”

Once logged in, you can create additional dashboard users with different permission levels:

  • SuperAdmin: Full access, can manage all users
  • Admin: Full feature access, cannot modify SuperAdmins
  • Editor: Can modify features but not users
  • Read Only: View-only access

Each new user receives a temporary password that must be changed on first login.

Dashboard Logs

Section titled “Dashboard Logs”

The dashboard provides detailed logs of all user actions. You can review these logs to audit changes and monitor access patterns.

Just like every log BYO outputs, the dashboard logs will be structured JSON - perfect for ingestion into your existing logging infrastructure. To filter to only dashboard logs, look for the app field with the value dashboard.

Security Considerations

Section titled “Security Considerations”

The dashboard provides read and write access to critical authentication data. Treat it like any other admin panel in your infrastructure:

  • Always use HTTPS in production
  • Implement network-level access controls
  • Regularly audit dashboard user accounts
  • Consider your compliance requirements when determining access patterns

Remember: the dashboard and API can run on the same port if you prefer simplicity over granular control. Choose the approach that matches your security model.