Your Account
Sign up, sign in, and manage your Taifa Mail account for an institution workspace.
Sign up
Create an account at govconnect.ke using your official work email. You can sign up with any of these methods:
- Google OAuth - click "Continue with Google" and authorise the Taifa Mail app. No password is stored.
- GitHub OAuth - click "Continue with GitHub" and authorise the Taifa Mail app. If your GitHub email is private, Taifa Mail reads your primary verified email from GitHub.
- Email and password - enter your email address and choose a password (minimum 8 characters). A verification email is sent to confirm your address.
All methods create the same type of account.
Accounts are keyed by email address. If you first register with email and password, then later sign in with Google or GitHub using that same email, the OAuth provider is linked to your existing account - you will not end up with duplicates. Note that you cannot register a second email/password account for an email that already exists; sign in instead.
When you sign up, Taifa Mail asks whether you are setting up your institution or joining an existing one. The first officer from an institution who chooses Set up my organisation goes straight into the ICTA allocation request wizard - see Request domains & mailboxes from ICTA. There is no separate developer onboarding path; once your institution's domain is ICTA-approved, anyone on the team can generate API keys and SMTP credentials under Developer in the sidebar. Everything you create - domains, official mailboxes, keys, and sends - belongs to a workspace. See Workspaces.
Sign in
You can sign in with any method linked to your account:
- Google or GitHub - same OAuth flow as sign up. If the OAuth email matches an existing account, you are signed into that account.
- Email and password - enter your credentials on the login page.
- Magic link - on the login page, enter your email and request a magic link. An email is sent with a one-time sign-in link that expires after 15 minutes. Signing in this way also marks your email as verified, since clicking the link proves you control the address.
A successful sign-in sets two HTTP-only cookies: a short-lived access token (60 minutes) and a refresh token (30 days). The dashboard refreshes the access token automatically while the refresh token is valid, so you stay signed in without re-entering credentials.
Profile settings
Go to Settings → General to manage your account:
- Institution name - the workspace name, shown to your officers and on invoices. This is the only editable name field here.
- Account email - set when you sign up and used to key your account. It cannot be changed in the dashboard; contact support if you need to move to a different address.
- Profile photo: upload a custom image, or keep the auto-generated avatar based on your email. Shown to colleagues in webmail and across the workspace.
Email verification
If you signed up with email and password, you receive a verification email after registration. Click the link in that email to verify your address.
Accounts created through Google or GitHub OAuth are treated as verified already, because the provider has confirmed the email. Signing in with a magic link also verifies the address.
Verification links expire 24 hours after they are sent. If yours has expired, sign in and click "Resend verification email" - a fresh link is sent to your address. (If your email is already verified, no email is sent.)
Password reset
If you forget your password:
- Go to the login page and click Forgot password?
- Enter the email address associated with your account.
- If an account exists for that address, you receive a password reset email with a link. The response is the same whether or not an account exists, so the form does not reveal which emails are registered.
- Click the link, enter a new password (minimum 8 characters), and confirm.
The reset link expires 1 hour after it is sent. If it expires, request a new one.
If you originally signed up with Google or GitHub and never set a password, password reset will not help - there is no password to reset. Sign in with your OAuth provider, or use the magic link option instead.
Two-factor authentication
For extra security you can require a one-time code (OTP) every time you sign in. Taifa Mail uses email-based OTP: a 6-digit code is sent to your account email and is valid for 10 minutes.
When 2FA is enabled, every sign-in method - email and password, Google, GitHub, and magic link - completes the same way: after the first step you are taken to a verification page, a code is sent to your email, and you enter it to finish signing in. No full session is issued until the code is verified.
Enabling or disabling 2FA also requires an emailed code, so you confirm control of the inbox before the setting changes. See Two-factor authentication for the full enrollment steps.
Deleting your account
From Settings -> Danger zone (visible to institution owners only) you can delete the institution. The action is confirmed by typing DELETE, and it takes effect immediately: access is deactivated, you are signed out everywhere, and your sessions are revoked. The underlying data (domains, addresses, audiences, and logs) is purged by a retention job after a retention window, not kept indefinitely. There is no in-app undo; restoring within the window is a support request.