Authentication

Login, recovery, invite activation, and first profile setup.

Use this page when onboarding a user into the platform or when showing them how to get back into the system. The same set of routes appears across environments even though dev includes the extra quick-login shortcut for seeded demo identities.

Overview Superadmin Supervisor Manager Employee

Authentication Flow Summary

  1. dev users may enter through quick login for seeded demo roles.
  2. Regular login starts at /login with email and password.
  3. The user then completes OTP at /otp.
  4. Forgot-password starts at /forgot-password.
  5. Invite activation starts at /activate-invite?token=....
  6. After login, self-service profile and availability work live at /profile.

Task Recipe

Sign In With The Normal Flow

Use this recipe in test or any environment where quick login is not available, or any time you need to demonstrate the real sign-in path.

  1. Open /login.
  2. Enter the user’s email and password.
  3. Submit the form to request the one-time passcode.
  4. Move to /otp when the app confirms that the passcode was sent.
  5. Enter the passcode and complete sign-in.
  6. After login, continue to /profile if account details still need to be completed.

Task Recipe

Activate A Newly Invited Account

Use this recipe when a user receives their first invite and needs to create the password that unlocks the regular login flow.

  1. Open the invite link sent by email. It should land on /activate-invite?token=....
  2. Confirm that the token is present in the page or URL.
  3. Set the new password and submit the activation form.
  4. Return to /login after activation succeeds.
  5. Sign in normally and complete the user profile if required.

Task Recipe

Prepare A User For Timesheet Entry

This is the onboarding recipe to run immediately after a first successful login.

  1. Open /profile.
  2. Verify that the Latin and Cyrillic name fields are correct.
  3. Change the password if the temporary or first password should be rotated.
  4. Select the correct holiday calendar for the user.
  5. Add any full-day or recurring partial-day availability constraints.
  6. Only after that, move into project timesheet workflows.

Quick Login In Dev

The default /login page in dev shows seeded identity cards. This is the fastest way to enter the app for training, UI exploration, and documenting seeded use cases without needing email delivery.

Route/login
Use whenExploring seeded demo data in dev
Available identitiesEmployee, manager, supervisor, and superadmin seed aliases

What You Can Do Here

  • Choose the correct seeded role card for the walkthrough you want to run.
  • See each seeded user’s display name, role category, and organization context.
  • Switch from quick login to the regular login flow with the dedicated button.

Typical Use Case

  1. Open /login.
  2. Click the seeded identity that matches the role you want to inspect.
  3. Continue into the dashboard and then follow the role-specific documentation page.
Click the screenshot to open it full screen.

Regular Login

The regular login form is the standard entry point when quick login is disabled or when you want to verify the normal authentication experience. The user enters email and password first, then moves to the OTP handoff step after the backend accepts those credentials.

Route/login
Next route/otp after passcode delivery
Use whenTesting or teaching the normal login journey

What You Can Do Here

  • Enter the email and password for a real or seeded user.
  • Start the OTP flow by requesting a passcode.
  • Navigate to the forgot-password route if the user cannot remember their password.
  • Use the page as the standard launch point for every non-quick-login environment.

Typical Use Case

  1. Open /login and switch from quick login to the regular form.
  2. Enter email and password.
  3. Wait for the “passcode sent” confirmation and continue to OTP.
Click the screenshot to open it full screen.

Forgot Password

Password recovery begins on /forgot-password. This page is intentionally small: it exists only to collect the email and trigger the reset handoff. The user then follows the reset link delivered by email.

Route/forgot-password
OutcomePassword reset email handoff

What You Can Do Here

  • Submit the account email to trigger the reset flow.
  • Return to login without completing the reset if the password becomes available.
Click the screenshot to open it full screen.

Invite Activation

New users land on /activate-invite with a token in the URL. This page does not create the account itself. The account already exists, and this step is only for the first password setup so the user can enter the standard login flow afterward.

Route/activate-invite?token=...
OutcomeFirst password is set for an invited account

What You Can Do Here

  • Review the token-bearing activation route received by email.
  • Set the initial password for the invited account.
  • Return to the regular login page after activation succeeds.
Click the screenshot to open it full screen.

Profile Completion And Availability

After authentication, organization users manage their own profile and availability inputs from /profile. This page is part onboarding surface and part ongoing personal settings surface.

Route/profile
Use whenSetting names, changing password, and maintaining availability data

What You Can Do Here

  • Edit personal profile fields that complete the user’s account record.
  • Change the current password through the built-in password form.
  • Select the holiday calendar used for availability and capacity logic.
  • Create and maintain full-day blocks.
  • Create and maintain recurring partial-day blocks.
  • Return later to maintain these settings without leaving the authenticated app shell.

Typical Use Case

  1. Sign in and open /profile.
  2. Confirm that the required name fields are correct.
  3. Set the right holiday calendar for the user.
  4. Add any relevant non-working dates or recurring reductions before entering time.
Click the screenshot to open it full screen.