Skip to content

Magic-link admin SSO

A magic link signs you straight into an environment’s WordPress admin — no WordPress password, no shared credentials. You generate a one-time link for a specific environment, follow it, and land in wp-admin as your mapped user. It’s the fastest way to get into the dashboard of a preview environment you just pushed, and the safest way to let a teammate in without handing out a password.

Magic links solve the recurring pain of WordPress admin access: passwords get shared in chat, reused across environments, and outlive the person who needed them. With a magic link there’s no standing credential to leak — the link is single-use and expires.

You can mint a link from the dashboard, the mf CLI, or the public API.

Open the environment in the app, then use the Sign in to wp-admin action. The link is generated and followed in one click.

An environment detail page in the app.managed.dev dashboard with a “Sign in to wp-admin” button in the environment header, and a brief note that the link is one-time and expires shortly.
  1. You request a link for a specific environment.
  2. managed.dev issues a single-use, short-lived token bound to that environment and to your identity.
  3. Following the link consumes the token and starts an authenticated wp-admin session in that environment.
  4. The token is now spent — the link can’t be replayed or shared to grant a second session.

Magic links are deliberately short-lived. Each link is single-use and expires shortly after it’s issued — generate one when you’re ready to use it rather than ahead of time. Exact expiry window is shown when you generate the link.

  • No shared passwords. Nothing standing to leak, reuse, or rotate. The link is the credential and it’s consumed on first use.
  • Scoped to one environment. A link can’t cross the boundary into another environment or another team’s site.
  • Mapped to your identity and role. You enter wp-admin as your own mapped user, and your team role governs whether you can mint a link at all.
  • Audited. Generating and using a magic link is recorded in the audit log, so admin access is accountable rather than anonymous.

Reach for a magic link when you need the WordPress admin UI — editing content, checking a plugin’s settings screen, reviewing a preview before you promote it.

When you need a shell instead — to run WP-CLI, script maintenance, or inspect the filesystem — use the SSH gateway. The two are complementary: magic link for the admin UI, SSH for the command line.