TLE2E EncryptionTenantLevel
Authentication

Sign in to the operations console

The auth POST sets an httpOnly cookie, so the session survives refreshes without leaking the token into browser storage.

Register insteadNeed a tenant?
Session model
Server-verified cookie
Claims surface
Roles, groups, apiAccess
Failure mode
401 clears cookie
Visible only
User, tenant, and access summary
Operators can refresh, navigate, and recover without re-entering credentials every time.
The backend returns the user and tenant identity that the shell uses for routing decisions.
Authentication failures keep the surface minimal and avoid noisy state.
Sign in

Use your active session

httpOnly cookie

Use the tenant identity you were issued or registered with.

Passwords never leave the browser except inside the auth POST body.

The backend sets an httpOnly cookie. Claims are extracted server-side and limited operators are routed to My access until a tenant onboarding token or elevated claim set is present.

Session posture

On success, the browser opens the tenant dashboard when control-plane claims are present, or falls back to My access until the operator upgrades into a claim-bearing tenant session.

Register account