There are three ways to authenticate with PlanetScale: email address and password, single sign-on, and OAuth via GitHub.
Let's break down how each of these work.
This is the only authentication mechanism where PlanetScale maintains user credentials.
Additionally, users can opt to configure two-factor authentication (2FA). This option requires something you know (i.e. your password) and something you have (i.e. recovery codes).
Users can authenticate with their chosen corporate identity provider (i.e. Okta) instead of maintaining passwords with PlanetScale.
Once SSO is enabled for an
organization, all members are redirected through that identity provider's authentication flow. Moving forward, they must pass through SSO to access their PlanetScale account.
Users can authenticate with PlanetScale using their GitHub account.
PlanetScale doesn't maintain the passwords for these accounts. Losing access to your GitHub account prevents accessing your PlanetScale account.
Enabling SSO removes OAuth access for all members of your organization, meaning they will no longer be able to sign in with their GitHub credentials.