Authentication & Access Control
Sign in, manage your account, and let admins control who has access.
User login
An authenticated user logs into the CRM application using username/email and password, optionally completing MFA verification.
MFA enrollment
A user enrolls in TOTP-based multi-factor authentication by scanning a QR code with an authenticator app and verifying a code.
Password reset (self-service)
An unauthenticated user requests a password reset, receives a reset link via email, and sets a new password.
Admin creates user account
Admin provisions a new user account with a role, a temporary password, and optionally assigns a reporting hierarchy.
Admin changes user role
Admin changes a your assigned role, immediately affecting their permissions.
Deactivate or reactivate user
Admin deactivates a user (blocking login but preserving records) or reactivates a previously deactivated user.
Change own password
An authenticated user changes their own password.
Admin force-logout or MFA reset
Admin terminates all active sessions for a user or resets their MFA enrollment.
Social login registration & sign-in
A user authenticates and (when permitted) registers an account through an external identity provider — Google, Microsoft, or LinkedIn — using OAuth 2.0 Authorization Code with PKCE and OpenID Connect. The flow covers first-time registration via invitation or domain allowlist, sign-in for already-linked users, and linking a social provider to an existing password account.