Solavel Docs

Logging in and access

docs/access-login.md

  • Who can use this: Everyone (page covers every login flow)
  • URL / Route: see each section
  • Plan / feature gate: Always on

Purpose

Solavel has several different sign-in screens depending on which app you are entering and how. This page lists each one, who can use it, what happens after, and how to recover when something goes wrong.

Central sign-in

  • URL: /login
  • Who: Every user with a Solavel account — staff, organization owners, managers, and members.
  • What happens after: You arrive at /dashboard (the user dashboard). If you have not finished onboarding, you are redirected to /onboarding/verify. If you signed in from a Solabooks link, you are sent on to /sso/finance/redirect.
  • Common problems:
    • "These credentials do not match." — The email or password is wrong. Use Forgot password.
    • "Your email address is not verified." — Open /onboarding/verify and click "Resend verification email."
    • You see Solabooks branding on the login screen — that is normal when you arrived from Solabooks with ?next=solabooks in the URL.

Sign up (register)

  • URL: /register
  • Who: Anyone with a valid email who does not already have a Solavel account.
  • What happens after: Your account is created with the Organization Owner role. A verification email is sent. You are redirected to /onboarding/verify until you click the link.
  • Common problems:
    • "Email has already been taken." — You probably have an account already. Try Forgot password.

Forgot and reset password

  • Forgot password URL: /forgot-password
  • Reset password URL: /reset-password/{token} (link from email)
  • Who: Any user with a valid account.
  • What happens after: You enter your email, receive a reset link, set a new password, and are redirected to /login.
  • Common problems:
    • The email never arrives. Check spam, then ask a Solavel admin to look in System event logs for the outgoing message.

First-time password setup

  • URL: /password/setup/{user} (link from email)
  • Expired link page: /password/setup-expired
  • Resend link: POST /password/setup/resend
  • Who: A user who was just invited (team member, admin, or new client owner) and has not signed in yet.
  • What happens after: You set a password and arrive on /dashboard already signed in.
  • Common problems:
    • "Link expired." — Open the expired-link page and click "Resend." A new email goes out.

Email verification

  • URL: /onboarding/verify
  • Check link: /onboarding/verify/check
  • Resend: POST /onboarding/verify/resend
  • Who: Any signed-in user who has not yet verified their email.
  • What happens after: Once verified, you are released to /dashboard. Until then most other pages redirect back here.

Admin shell

  • URL: /admin
  • Who: Solavel staff with the Admin or Super Admin role.
  • What happens after: You arrive at the admin dashboard. The shell decides which menu items show based on your role.
  • Common problems:
    • "This area is restricted to administrators." — Your account does not have is_admin flagged. A super-admin must promote you.
    • "This action requires super admin privileges." — You opened a super-admin-only screen (roles, permissions, projects, Send Email). Ask a super-admin.

Client portal

  • URL: /portal (redirects to /portal/orgs for most users) and /portal/orgs/*
  • Who: Any signed-in user who belongs to at least one organization.
  • What happens after: You see your organizations list and can pick one to enter. See Client portal.
  • Common problems:
    • You see no organizations. Either you have not been added to one yet, or your invitation is still pending. Ask the organization owner to check the Members page.

Solabooks SSO redirect

  • Entry URL: /sso/finance (public landing) or /sso/finance/redirect (signed-in handoff)
  • Who: Any signed-in user with at least one organization that has Solabooks switched on.
  • What happens after: The central app generates a short-lived token and forwards you to /finance/sso/callback. Solabooks verifies the token by calling /api/sso/validate on the central app, then signs you into the Solabooks app for the selected organization.
  • Common problems:
    • You land back on /login instead of Solabooks. Your session expired. Sign in again.
    • "Organization is not provisioned for Solabooks." — Solabooks is not yet enabled for this organization. Open the plan page and pick a Solabooks tier.
    • The redirect is throttled after too many attempts. Wait one minute and try again.

Solabooks start (signed-out variant)

  • URL: /finance/start (GET landing) and POST /finance/start (form post)
  • Who: A new visitor who wants Solabooks specifically. Used as a "start with Solabooks" call-to-action from marketing pages.
  • What happens after: You sign in or sign up, then are forwarded into the Solabooks onboarding wizard at /finance/onboarding/*.

Solabooks login screen

  • URL: /finance/login
  • Who: A user whose session has expired while inside Solabooks.
  • What happens after: You sign in. Solabooks sends you back to whatever you were doing.

Customer portal (for your customers)

  • Account login: /finance/customer-portal/login
  • Setup link: /finance/customer-portal/setup (token expires in 60 minutes)
  • Forgot password: /finance/customer-portal/forgot-password
  • Reset password: /finance/customer-portal/reset-password/{token} (token expires in 60 minutes)
  • Who: Customers of one of your organizations. They are not Solavel users.
  • What happens after: They land on /finance/customer-portal/dashboard and can see their invoices, payments, quotes, and orders for your organization only.
  • Common problems:
    • "Setup link has expired." — Open the customer record in Solabooks and resend the invite.

Secure document links (one-off)

  • Canonical URL: /finance/i/{token}/...
  • Legacy alias: /finance/portal/{token}/...
  • Who: Anyone with the link.
  • Token expiry: 24 hours from when the link was generated.
  • What happens after: They see the document (invoice, quote, sales order). For quotes, they can also accept or decline. For all links, they can request a fresh link via "Send again" if the current one has expired.
  • Common problems:
    • "Link expired or revoked." Use the "request access" page to ask for a new link, or resend it from inside Solabooks.

Public quote acceptance link

  • URL: /finance/q/{token}
  • Who: A specific customer you have sent a quote link to.
  • What happens after: They see the quote and can accept or decline. Each link is per-quote.

Project share and time-approval links

  • Project share: /finance/shared/projects/{token} and /finance/p/projects/{token}
  • Customer time approval: /finance/customer/time-approvals/{timeEntry}/{token}/...
  • Who: Anyone with the link.
  • What happens after: They view (or approve, for time entries) the linked item. These tokens are signed URLs, not database tokens.
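
What "signed URLs, not database tokens" means in practice, as an added example (not Solavel's code): the server recomputes an HMAC over the link's contents and needs no stored token. The token layout `<expires>.<hex mac>`, the key, the function names and the omission of the trailing action segment are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed demo key; a real deployment would load it from a secret store.
SIGNING_KEY = b"constructed-demo-key"
ROUTE = "/finance/customer/time-approvals/{entry}/{token}"


def _mac(entry_id: int, expires: int) -> str:
    # The MAC covers the time-entry id and the expiry, so neither can be edited.
    msg = f"time-approval:{entry_id}:{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def make_link(entry_id: int, ttl_seconds: int, now: Optional[int] = None) -> str:
    """Build a link whose token is '<expires>.<hex mac>' (assumed layout)."""
    now = int(time.time()) if now is None else now
    expires = now + ttl_seconds
    return ROUTE.format(entry=entry_id, token=f"{expires}.{_mac(entry_id, expires)}")


def check_link(path: str, now: Optional[int] = None) -> str:
    """Return 'ok', 'expired' or 'invalid' using only the key, no database."""
    now = int(time.time()) if now is None else now
    try:
        entry_raw, token = path.rstrip("/").split("/")[-2:]
        expires_raw, supplied = token.split(".", 1)
        entry_id, expires = int(entry_raw), int(expires_raw)
    except ValueError:
        return "invalid"
    # Verify the MAC before trusting the expiry, comparing in constant time.
    if not hmac.compare_digest(_mac(entry_id, expires).encode(), supplied.encode()):
        return "invalid"
    return "ok" if now < expires else "expired"


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed clock value
    link = make_link(41, ttl_seconds=3600, now=t0)
    print(check_link(link, now=t0 + 60))                     # within lifetime
    print(check_link(link.replace("/41/", "/42/"), now=t0))  # id swapped
    print(check_link(link, now=t0 + 7200))                   # past expiry
```

Because verification uses only the key, an individual link of this kind cannot be revoked before its expiry without rotating the key or keeping a denylist.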

Signing out

  • Central + everywhere: POST /logout
  • Cross-app sign-out: /sso/logout (also available inside Solabooks)

Either link ends both sessions. There is no "sign out only here" option.

Note: There is no two-factor authentication (2FA) enabled in the central app at the moment.
