Skip to main content

SSO Infrastructure - Phase 1 Implementation Summary

1. Overview

The SSO (Single Sign-On) infrastructure gives you seamless, secure access across the entire Fiftyknots platform with one login. Instead of managing separate credentials for different tools, you authenticate once and move freely between your venture dashboard, data rooms, AI tools, and expert collaboration spaces. This reduces friction in your workflow and keeps your venture data secure with enterprise-grade authentication protocols.

2. Step-by-Step Guide

  1. Initial Login - Navigate to /login and enter your email address. The system sends you a one-time password (OTP) to verify your identity.
  2. Verify Your Identity - Check your email for the OTP code. Enter it on the verification screen. The system validates your code through POST /api/v1/auth/verify-otp and establishes your authenticated session.
  3. Access Callback Processing - After verification, you’re redirected to /authcallback where the system processes your authentication tokens and sets up your session. This happens automatically in the background.
  4. Navigate the Platform - Once authenticated, access any Fiftyknots page without re-entering credentials. Your session persists across the dashboard (/dashboard), analytics (/analyticsdashboard), data rooms (/dataroomlist), and AI tools (/aistudio).
  5. Manage Active Sessions - View all your active sessions at any time through GET /api/v1/auth/sessions. This shows which devices and browsers have access to your account.
  6. Logout Securely - When finished, logout from the user menu. This calls POST /api/v1/auth/logout to invalidate your session and protect your account.

3. Common Questions

Q: What happens if I’m logged in on multiple devices?
A: SSO supports multiple concurrent sessions. You can work on your laptop, check progress on your phone, and collaborate on a tablet - all stay synchronized. Review active sessions anytime through the session management endpoint. Q: Do I need to log in again when switching between different Fiftyknots tools?
A: No. Once authenticated, you move seamlessly between your venture dashboard, data rooms, expert dashboards, marketplace, and AI tools without additional login prompts. Your session covers the entire platform. Q: How long does my session stay active?
A: Your session remains active as long as you’re using the platform. Extended inactivity triggers a timeout for security. You’ll need to re-authenticate with a new OTP if your session expires. Q: Can I revoke access from a specific device?
A: Yes. View all active sessions through GET /api/v1/auth/sessions and terminate any specific session using DELETE /api/v1/auth/sessions/:sessionId. This immediately logs out that device without affecting your other sessions. Q: What if I don’t receive my OTP code?
A: Check your spam folder first. If the code doesn’t arrive within 2 minutes, request a new one through the login screen. The system invalidates the previous code when you request a fresh one.

4. Troubleshooting

Issue: Authentication callback fails after entering OTP
Solution: Clear your browser cache and cookies, then restart the login flow. If the problem persists, the authcallback process may be timing out - try using a different browser or check your network connection stability. Issue: Session expires unexpectedly during active work
Solution: This typically happens when working across multiple tabs or windows. The system maintains one active session per authentication. Refresh the page to re-establish your session, or log in again if prompted. Issue: OTP verification keeps rejecting valid codes
Solution: OTP codes expire after a short window for security. Request a fresh code through POST /api/v1/auth/request-otp rather than reusing an old one. Ensure you’re entering the most recent code from your email. Issue: Cannot access certain pages after successful login
Solution: Verify your session is active through GET /api/v1/auth/session. Some pages require additional permissions based on your role (founder, expert, sherpa). Contact support if you believe you should have access to a restricted area. Profile Management - After initial authentication, complete your profile at /profilecomplete to unlock full platform capabilities. Your profile determines which tools, experts, and journeys become available to you. Privacy Preferences - Configure your data handling and communication preferences at /privacypreferences. These settings control how the platform manages your information across all authenticated sessions and integrations. Quick Start Wizard - New users flow directly from authentication to /quickstart, which guides you through venture intake, ICP selection, and journey initialization. This connects your authenticated identity to your first venture project.