Authentication And Account
Public signup, Google and Microsoft SSO, central auth guard, 2FA, and tenant-user rehydration after clinic selection.
How Sign-In Works Now
Authentication happens centrally. After a clinic is selected, Operix swaps the current request into the clinic-local user mapped by global_user_id.
- Public signup can begin with email and password or continue through Microsoft or Google SSO.
- Platform login happens before any clinic context is initialized.
- Selected clinic ID is stored in session and resolved by middleware on tenant routes.
- Two-factor verification and password-change redirects still work before the clinic shell loads.
- Owner onboarding sessions let one verified central user launch a clinic without bypassing the same tenant provisioning path used by platform admins.
SSO And Account Linking
Microsoft and Google SSO are implemented behind one provider contract so identity stays centralized while tenant access remains membership-based.
- SSO identities are stored centrally and linked to central users only, never directly to clinic-local user rows.
- Invite acceptance can complete through SSO, then rehydrate the tenant-local membership without creating a second account.
- Domain policy can be enforced per provider before a new owner or invited user is linked.
- Fallback paths remain explicit: canceled SSO returns to signup, while existing memberships route to the clinic switcher.
Visible Demo Login
The login screen includes one buyer-safe demo credential card for local demos and packaged fresh installs that seed demo accounts.
- Visible demo email: demo@Operix.test.
- Visible demo password: Demo@12345.
- The Use demo login button fills the login form without exposing private operator accounts.
- The visible demo user receives the Demo Admin role, which can review buyer-facing dashboards and AI surfaces but cannot manage platform security, roles, memberships, repair operations, or destructive settings.
Security Boundaries
Platform roles and clinic roles stay distinct. Platform access gets a user into a clinic; tenant permissions decide what they can do after entry.
- Platform-only permissions control clinic management and platform health.
- Clinic-local roles still drive dashboards and operational actions in tenant databases.
- Forced password changes and account locks remain enforced before tenant context starts.
- Platform access policy can now enforce IP allowlists, session age, and TOTP by role before the platform shell is usable.
This page is tied back to routes, views, requests, tests, and implementation files in the generated docs coverage appendix.