Skip to main content

SSO Authentication System

1. Overview

Sign in once and stay signed in across all your Fiftyknots sessions. The SSO authentication system eliminates repeated logins, whether you’re switching between your venture dashboard and expert workspace or accessing the platform from multiple devices. You prove your identity once, then build without interruption.

2. Step-by-Step Guide

  1. Navigate to the Login page (/login) and enter your email address or phone number in the authentication field.
  2. Request your one-time password by clicking “Send Code.” Check your email inbox or SMS messages for a temporary verification code.
  3. Enter the OTP code in the verification field within the time window (typically 10 minutes). The system validates your code against our secure authentication service.
  4. Complete authentication and land on your primary dashboard. The system creates a session token and stores it securely in your browser.
  5. Access any Fiftyknots page without re-authenticating. Your SSO session remains active across the platform - from Analytics Dashboard (/analyticsdashboard) to Data Room (/dataroomlist) to Journey Overview (/journeyoverview).
  6. Switch between roles seamlessly if you’re both a founder and a Sherpa. Navigate to Sherpa Dashboard (/sherpadashboard) or Expert Dashboard without additional login steps.
  7. Manage active sessions from your profile settings. View all devices where you’re currently signed in and revoke access to any session remotely.
  8. Sign out using the logout option in your navigation menu. This terminates your current session while preserving any active sessions on other devices (unless you choose “Sign out everywhere”).

3. Common Questions

Q: How long does my SSO session last?
Your session remains active for 30 days of continuous use. The system automatically extends your session each time you interact with the platform, so you won’t get logged out mid-sprint. Sessions expire after 30 days of inactivity. Q: Can I use SSO if I’m both a founder and a Sherpa?
Yes. One authentication gives you access to all your roles. Switch between your venture projects and Sherpa assignments without re-entering credentials. The system recognizes your permissions for each role automatically. Q: What happens if someone else gets my OTP code?
Each OTP expires after one use or 10 minutes, whichever comes first. If you suspect someone accessed your code, don’t enter it - request a new one instead. You can also revoke all active sessions from any device where you’re already logged in. Q: Do I need to authenticate separately for API access?
No. SSO covers both web and API access. Generate an auth code through the platform, exchange it for an API token, and your API requests inherit your authenticated session permissions. Use the /api/v1/auth/generate-auth-code and /api/v1/auth/exchange-auth-code endpoints. Q: Can I stay signed in across multiple browsers or devices?
Yes. Authenticate once on your laptop and once on your phone - each session remains independent. View and manage all active sessions through the session management interface, which shows device type, location, and last activity timestamp.

4. Troubleshooting

Issue: “Invalid or expired code” error when entering OTP
The OTP has a 10-minute validity window. Request a new code if yours expired. Check that you’re entering the code exactly as received - no spaces, correct case. If using SMS, verify your phone number is correct in your profile settings. Issue: Can’t access certain features despite being logged in
Your session is valid but your account may lack permissions for that specific feature. Some tools require payment tier upgrades or expert certification. Check the “Coming Next” section in your navigation to see which features unlock at your current stage. Issue: Logged out unexpectedly during active work
Your session may have been revoked from another device, or network connectivity interrupted the authentication token refresh. Sign in again - the platform auto-saves most work. If this happens repeatedly, check the Session Management page for unfamiliar active sessions and revoke them. Issue: Not receiving OTP codes
Check spam filters if using email authentication. For SMS, verify your phone number includes the correct country code. If codes still don’t arrive after 2 minutes, use the “Resend Code” option. Wait 60 seconds between resend attempts to avoid rate limiting. Profile Management - Control your authentication preferences, update contact information for OTP delivery, and configure security settings like session timeout preferences. Your profile determines which authentication methods are available and where OTP codes get sent. Session Management (/api/v1/auth/sessions) - Monitor all devices where you’re currently signed in, review login history with timestamps and locations, and terminate sessions remotely if you spot unauthorized access. Essential for maintaining account security when working across multiple devices. Developer API Authentication - Generate authentication codes for programmatic access to Fiftyknots APIs. Your SSO credentials authorize API token generation, letting you build integrations that inherit your platform permissions without managing separate API keys.