Authentication

Authentication is not fully standardized across every documented module. The docs currently cover a mix of SSO-backed services, app-managed sessions, and modules that still need auth hardening.

Current Access Model

Module	Documented access pattern	Notes
M2	Authentik SSO + Azure AD	Most clearly documented shared login flow
M1 / OBV	App-managed session flow	See module owners for current provisioning details
M3	Access model needs verification	Treat as internal until module auth is confirmed
M4	Reporting-specific access flow	Confirm with the reporting team before onboarding users
M7	Not yet standardized	Technical docs flag auth as not implemented

For engineering details, see the technical authentication notes.

First-Time Login

When access is enabled for your account:

1. Start from the specific module URL you need.
2. Follow that module’s sign-in prompt or redirect flow.
3. If access fails, contact the module owner instead of assuming a shared SSO issue.

Note

Shared sign-in behavior differs by module, so the right fix depends on which application you are trying to open.

Troubleshooting

”Access Denied” or Missing Permissions

1. Confirm the exact module URL you were trying to open.
2. Check whether that module uses shared SSO or a module-specific session flow.
3. Ask the module owner or administrator to verify your account and role assignment.

Login Loop

1. Clear cookies for the affected module domain.
2. Retry in an incognito/private browser window.
3. If the loop persists, report the exact URL and the last redirect you saw.

Account Not Found

1. Confirm you are using the expected account for that module.
2. Verify whether the module is supposed to be externally accessible yet.
3. Ask the responsible team to provision or verify your access.

Security Best Practices

• Never share credentials or session links.
• Use MFA wherever the module supports it.
• Report inconsistent auth behavior, especially on internal-only modules, to the engineering team.