Skip to main content

Environment Setup

Overview

Authentication for the internal documentation site is handled by Cloudflare Access at the edge level. No environment variables are required in the application - authentication happens before users reach the site.

Authentication Method

Cloudflare Access with One-time PIN authentication:

  1. User navigates to https://team.symphonycore.com
  2. Cloudflare Access intercepts the request
  3. User enters their email address
  4. User receives a one-time PIN via email
  5. User enters PIN to authenticate
  6. Access granted to documentation

Access Policy

Current policy configuration in Cloudflare Zero Trust:

  • Application: Internal Docs
  • Domain: team.symphonycore.com
  • Policy: Allow emails ending in @symphonycore.com
  • Identity Provider: One-time PIN

Managing Access

Adding Users

Any user with an @symphonycore.com email can access the site automatically (no manual user management needed).

Adding External Users

To allow specific external users:

  1. Go to Cloudflare Zero Trust Dashboard
  2. Navigate to Access controlsApplications
  3. Edit the "Internal Docs" application
  4. Add a new Include rule with specific email addresses

Cloudflare Dashboard Access

Previous Setup (Deprecated)

Previously, authentication was handled by Firebase Auth with Google SSO. This was migrated to Cloudflare Access in December 2025 for:

  • Simpler architecture (no client-side auth code)
  • Support for external users via email OTP
  • Reduced bundle size
  • Edge-level authentication (faster, more secure)

The Firebase project (symphonycore-internal-docs) can be disabled or deleted if no longer needed.

Troubleshooting

User Can't Access

  1. Verify their email ends with @symphonycore.com
  2. Check they're entering the correct email
  3. Check spam folder for OTP email
  4. Verify Cloudflare Access application is enabled

OTP Not Received

  1. Check spam/junk folder
  2. Verify email address is correct
  3. Wait a few minutes and try again
  4. Check Cloudflare Access logs for errors