Account and Access designed
Use this path when the question starts with identity, sign-in, access, or account protection rather than with compute capacity.
Core Tasks
| Task | Expected user action | Owning product surface |
|---|---|---|
| Sign in | Use the standard browser sign-in path and land in the correct tenant/project context | app shell and auth redirect flow |
| Review account posture | Check profile, sessions, API keys, SSH keys, and MFA posture | Account pages |
| Set up MFA | Register or add an authenticator through the identity-provider-managed flow | Account security and IdP-managed MFA |
| Replace or remove MFA | Use the managed MFA path or approved recovery flow | Account security and recovery workflow |
| Recover account access | Start account recovery before replacing a lost device or removing the final authenticator | Recovery workflow |
| Manage developer keys | Add or rotate SSH/API keys without exposing secrets in shared screenshots or docs | Account profile/security |
Guided Walkthrough
Happy Path
- Sign in and confirm the correct tenant and project.
- Open
Account -> Security. - Review MFA status and session state.
- Open MFA management when adding or replacing an authenticator.
- Return to the account page and refresh status.
- Confirm the expected authenticator or recovery posture is visible.
Recovery And Edge Cases
- Lost phone or upgraded device: start recovery before removing the existing authenticator.
- Admin or privileged user: follow the stricter recovery/approval path defined by the platform policy for the environment.
- MFA status stale: use the status refresh path before assuming the provider lost the factor.
- Session posture unknown: treat it as a readback gap, not proof that MFA is disabled.
Documentation Rule
This page documents the user-safe flow. It does not expose internal IdP implementation details, raw provider URLs, or operator-only reset mechanics in the main path.