Team & Organization

Security

Configure multi-factor authentication, SSO, and access policies for your organization.

Terac provides security features to protect your organization and research data.

Multi-Factor Authentication (MFA)

Enforcing MFA

Organization admins can require all members to enable MFA. When enforced:

  • Existing members are prompted to set up MFA on their next login
  • New members must configure MFA before accessing the organization
  • Members cannot disable MFA while the enforcement is active

Setting Up MFA

Individual users set up MFA from their personal account settings. Terac supports authenticator apps (TOTP) for second-factor verification.

Single Sign-On (SSO)

For organizations that use an identity provider, Terac supports SSO configuration. This lets members authenticate through your company's existing identity system.

SSO setup is available in the organization's Security settings.

Audit Log

The Activity page provides a complete audit trail of actions taken within your organization:

  • Member logins and role changes
  • Opportunity creation, launch, and configuration changes
  • Submission reviews and approvals
  • Billing transactions
  • Settings changes

Use the audit log to track who did what and when, for compliance or troubleshooting.

API Key Security

API keys provide programmatic access to your organization's data. Best practices:

  • Rotate keys periodically
  • Use separate keys for different integrations
  • Revoke keys immediately if compromised
  • Never share keys in public repositories or chat

See API Keys for management details.

Participant Data & Privacy

Terac is built to minimize the personal data exposed about participants:

  • By default, Terac does not surface participant personally identifiable information such as full name or email address in your results. Participants are identified by their submission and profile rather than by direct contact details.
  • If your study collects any personal information directly (for example, in your own survey), keep it to the minimum your research requires and handle it according to your own privacy obligations. If you are unsure whether a field is acceptable, ask your Terac contact before launching.

Minors

For participants who are minors (typically ages 13 to 17), Terac requires verified parental or guardian consent before they take part, even where local regulation would not strictly require it. If your study targets an audience that may include minors, raise it during the feasibility check so the right consent process is in place.

What's Next?

Members and Roles

Manage team access

API Keys

Manage programmatic access

Projects

Organize your research into separate project workspaces within your organization.

Billing & Credits

Understand how Terac billing works, including credits, pricing, and transaction history.

On this page

Multi-Factor Authentication (MFA)Enforcing MFASetting Up MFASingle Sign-On (SSO)Audit LogAPI Key SecurityParticipant Data & PrivacyMinorsWhat's Next?