DuckPost separates organization collaboration from personal account security.
Team management
From Team, owners and sudo users can:
- Invite new teammates by email
- Revoke pending invites
- Remove members from the organization
- Enable or disable a member’s access
- Search members by name or email
Invites are for new accounts. Existing users cannot be invited through the invite flow.
Roles
| Role | Typical use |
|---|
User | Create and manage day-to-day release content |
Owner | Manage organization-level settings, members, widget settings, and release agent configuration |
Account profile
From Profile settings, you can update:
- Full name
- Password
- Multi-factor authentication using TOTP
Owners and sudo users can also rename the organization from the profile dialog.
Password rules
DuckPost passwords must:
- Be 8 to 128 characters long
- Include at least one letter
- Include at least one number
MFA
DuckPost supports authenticator-app MFA with:
- A setup flow that generates a QR code
- 6-digit verification codes
- A disable flow that requires your current password and a valid code
Enable MFA for every owner account.