I think you are mixing the process of creating a login step and defining your global security provider. It’s really pretty simple.
-
Under globals you define a security provider, one for the whole site. You define it only there, under Globals > Security Providers. Here you just select your users table, the unique ID column for this table and the columns containing the usernames and passwords for your users, i.e. the details they enter later in the login form to log in:
You don’t NEED to add permissions if you don’t use permissions for your users. That is not mandatory. -
Then you go, create Server Action under API and add the Login step there. Note - just a single login step, nothing else, you don’t add the security provider step in the server actions any longer. There you define the login step.
-
You create your login server connect form on the page and select the login action for it.
That’s all.