# Account and team security

# Account and team security

Lettermint supports account-level and team-level controls for securing access to your email infrastructure.

## Account security

Users can secure their own account with passkeys and connected OAuth providers.

<Frame>
    <img src="/docs/images/user-security.png" alt="Passkey and OAuth providers screen." />
</Frame>

## Team MFA enforcement

Owners can require team members to use multi-factor authentication before accessing team resources.

<Frame>
    <img src="/docs/images/team-enforce-mfa.png" alt="Team MFA enforcement settings." />
</Frame>

## Enterprise identity

Use SSO to route managed users through your identity provider, and SCIM to provision and deprovision users.

<CardGroup cols={2}>
  <Card title="SSO" icon="key-round" href="/platform/teams/sso">
    Configure SAML or OIDC sign-in.
  </Card>
  <Card title="SCIM" icon="users" href="/platform/teams/scim">
    Provision users and groups.
  </Card>
</CardGroup>

## Token security

- Use Project API tokens only for sending.
- Use Team API tokens only for management automation.
- Create one token per integration.
- Rotate or revoke tokens when ownership changes.
- Never expose tokens in client-side code.

## Next steps

- [Team API tokens](/platform/teams/api-tokens)
- [Project API tokens](/platform/projects-and-routes/api-tokens)
- [SSO](/platform/teams/sso)
- [SCIM](/platform/teams/scim)