# Authentication

## Table of Contents

1. [Logging In](#1-logging-in)
2. [Multi-Factor Authentication (MFA) at Login](#2-multi-factor-authentication-mfa-at-login)
3. [Windows SSO Authentication](#3-windows-sso-authentication)
4. [First-Time Onboarding](#4-first-time-onboarding)
5. [Account Recovery](#5-account-recovery)
6. [Account Settings](#6-account-settings)
7. [Changing Your Password](#7-changing-your-password)
8. [Managing MFA](#8-managing-mfa)

***

## 1. Logging In

### Steps

1. Open Axilon DevOps Desktop. The login screen appears.
2. Enter your **Username**.
3. Enter your **Password** (minimum 6 characters).
4. Click **"Sign In"**.

If your account has MFA enabled, you will be prompted for an authentication code (see the next section). Otherwise, you are taken directly to the home page.

### If Login Fails

* Check that your username and password are correct.
* Error messages appear below the relevant fields or as a notification banner.
* If you have forgotten your password, use the **Account Recovery** flow (see [Section 5](#5-account-recovery)).

***

## 2. Multi-Factor Authentication (MFA) at Login

If MFA is enabled on your account, a second step appears after entering your username and password.

### Steps

1. After submitting your credentials, the login form shows an MFA prompt: *"Please provide a code from your Authenticator."*
2. Open your authenticator app (e.g., Google Authenticator or Authy).
3. Enter the **6-digit code** displayed in the app.
4. Click **"Sign In"**.

If the code is incorrect, an error message appears. You can try again with a fresh code. To go back and re-enter your credentials, click **"Reset"**.

***

## 3. Windows SSO Authentication

If your organization has configured Windows Single Sign-On (SSO), an additional authentication option is available.

### Steps

1. On the login page, click **"Authenticate with Windows"**.
2. Complete the Windows authentication prompt.
3. On success, you are signed in automatically.

> **Note:** This option only appears when MSAL-based authentication is enabled in the system configuration.

***

## 4. First-Time Onboarding

When you log in for the first time (or with a system-generated temporary password), the application walks you through a mandatory onboarding flow before granting access to the main application.

### Step 1: Change Your Initial Password

1. The onboarding screen displays a centered form with the Axilon logo.
2. Enter your **Current Password** (the temporary password you were given).
3. Enter a **New Password**. A real-time strength indicator shows your password's complexity. Your password must reach **"Strong"** strength (score of 80 or above) to be accepted. Strong passwords typically include:
   * Uppercase and lowercase letters
   * Numbers
   * Special characters
   * Sufficient length
4. Enter the new password again in the **Confirm Password** field.
5. Click **"Change Password"**.

### Save Your Recovery Code

After changing your password, a modal appears with a **recovery code**. This code is your only way to recover your account if you lose access.

1. Click the **copy button** to copy the recovery code to your clipboard.
2. Store the code in a secure location.
3. The **"Close"** button is disabled until you have copied the code.
4. Once copied, close the modal to proceed.

### Step 2: Enable MFA (If Required)

If your organization requires MFA, you are taken to the MFA setup screen after changing your password.

1. **Scan the QR Code.** Open your authenticator app and scan the QR code displayed on screen.
2. Click **"Next"** to proceed to code verification.
3. **Enter the 6-digit code** from your authenticator app.
4. Click **"Submit"**.

On success, onboarding is complete and you are redirected to the home page.

***

## 5. Account Recovery

If you have lost your password, you can recover your account using the recovery code that was provided during onboarding.

### Steps

1. On the login page, click the **account recovery** link.
2. Enter your **Username**.
3. Enter your **Recovery Code**.
4. Enter a **New Password** (must reach "Strong" complexity).
5. Enter the new password again in **Confirm Password**.
6. Click **"Recover Account"**.

On success, the form resets and a confirmation message appears. You can now log in with your new password.

> **Important:** If you have lost both your password and your recovery code, contact a Global Admin to reset your password.

***

## 6. Account Settings

Access your account settings by clicking your name or avatar in the top navigation bar and selecting **"Account Settings"**, or by navigating to the account settings page directly.

### Account Profile

The profile page displays your current account information.

| Field        | Editable? | Notes                               |
| ------------ | :-------: | ----------------------------------- |
| **Name**     |    Yes    | Minimum 3 characters.               |
| **Username** |     No    | Read-only. Set at account creation. |

To update your name:

1. Edit the **Name** field.
2. Click **"Save Changes"**.
3. To undo unsaved edits, click **"Discard"**.

***

## 7. Changing Your Password

1. Navigate to **Account Settings > Change Password**.
2. Enter your **Current Password**.
3. Enter a **New Password**. The strength indicator must show **"Strong"** or above.
4. Enter the new password again in **Confirm Password**.
5. Click **"Save Changes"**.

A success notification confirms the change. To undo unsaved edits, click **"Discard"**.

***

## 8. Managing MFA

Navigate to **Account Settings > MFA** to view and manage your multi-factor authentication settings.

### If MFA Is Enabled

The page shows your current MFA status with a lock icon. If MFA is not mandatory for your organization, a **"Remove"** button is available.

To remove MFA:

1. Click **"Remove"**.
2. Confirm the action in the dialog that appears.
3. MFA is disabled for your account.

> **Note:** If MFA is required by your organization's policy, the Remove option is not available.

### If MFA Is Not Enabled

The page shows the MFA setup flow:

1. **Scan the QR Code** displayed on screen using your authenticator app.
2. Click **"Next"**.
3. Enter the **6-digit code** from your authenticator app.
4. Click **"Submit"**.

On success, MFA is enabled on your account and will be required at every login.