Getting Started

Start here to bring the platform online safely.

1. Set real values in .env for SMTP and Microsoft OIDC.
2. Log in as the bootstrap admin and rotate the password immediately.
3. Configure reverse proxy to pass trusted headers and mTLS info.
4. Create OAuth clients and SAML service providers as needed.
5. Generate and activate an intermediate CA in the PKI admin page.
6. Enable user registration at /user/register and verify email flow.
7. Optionally require approval with REQUIRE_REGISTRATION_APPROVAL.

Key URLs

• User login: /user/login
• Admin portal (mTLS + session): /admin/
• SAML metadata: /saml/metadata
• CA cert and CRL: /ca, /crl