Create Account & First Organization

Learn how to sign up for PaaSPortal, set up your account, and create your first organization to start managing Odoo projects.


Overview

PaaSPortal provides multiple authentication methods to create your account:

  • Email/Password: Traditional registration with secure password requirements
  • OAuth Providers: Sign up with GitHub, GitLab, Google, or Microsoft
  • Passkeys (WebAuthn): Modern passwordless authentication using biometrics

Once registered, you'll automatically create your first organization or join an existing one via invitation.


Sign Up Process

Method 1: Email & Password Registration

The most straightforward way to create an account is using email and password.

Step-by-Step Registration

  1. Navigate to Registration Page

    • Visit /auth/register or click "Sign up" from the login page
    • Or directly access: https://your-paasportal-domain.com/auth/register
  2. Fill in Your Details

    • Full Name (optional): Your display name within PaaSPortal
    • Email: A valid email address (used for login and notifications)
    • Password: Must meet security requirements
    • Confirm Password: Must match your password
  3. Password Requirements

Your password must meet the following criteria:

  • Minimum 8 characters
  • At least one uppercase letter (A-Z)
  • At least one lowercase letter (a-z)
  • At least one number (0-9)

The registration form provides real-time validation feedback showing which requirements are met.

  4. Submit Registration

    • Click "Create account"
    • You'll receive JWT tokens immediately and be logged in
    • A verification email will be sent to your address
  5. Email Verification

    • Check your inbox for a verification email from PaaSPortal
    • Click the verification link in the email
    • Your account will be fully verified
    • Note: You can use most features while unverified, but some organization-level actions may require verification

API Endpoint: Register with Email/Password

POST /api/v1/auth/register
Content-Type: application/json
 
{
  "email": "user@example.com",
  "password": "SecurePass123",
  "name": "John Doe"
}

Response (201 Created):

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer",
  "expires_in": 3600,
  "requires_onboarding": true,
  "pending_invitations": 0
}

Response Fields:

  • access_token: JWT token for API authentication (expires in 1 hour)
  • refresh_token: Long-lived token to get new access tokens
  • requires_onboarding: true if user needs to create/join an organization
  • pending_invitations: Number of pending organization invitations

Error Responses:

  • 409 Conflict: Email already exists
  • 403 Forbidden: Email/password registration is disabled
  • 400 Bad Request: Invalid email format or password requirements not met

Frontend UI Walkthrough

The registration page (/auth/register) provides:

  1. Form Fields:

    • Full Name input with user icon
    • Email input (locked if coming from invitation)
    • Password input with show/hide toggle
    • Confirm Password input with match indicator
  2. Real-time Validation:

    • Green checkmarks for met password requirements
    • Red X for unmet requirements
    • Password match indicator on confirm field
  3. Submit Button:

    • Disabled until all requirements are met
    • Shows loading spinner during registration
    • Displays "Create account" text
  4. Additional Options:

    • Link to login page for existing users
    • OAuth provider options (GitHub, GitLab, Google, Microsoft)
    • Links to Terms of Service and Privacy Policy

Method 2: OAuth Provider Registration

Sign up using your existing GitHub, GitLab, Google, or Microsoft account.

Supported OAuth Providers

PaaSPortal supports the following OAuth providers:

  • GitHub: Authenticate with your GitHub account
  • GitLab: Use your GitLab credentials
  • Google: Sign up with your Google account
  • Microsoft: Use your Microsoft/Azure AD account

OAuth Registration Flow

  1. Choose Provider

    • Go to /auth/login
    • Click on your preferred OAuth provider button
  2. Authorize PaaSPortal

    • You'll be redirected to the provider's authorization page
    • Review the requested permissions:
      • Basic profile information (name, email)
      • Access to public repositories (for Git integrations)
    • Click "Authorize" or "Allow"
  3. Account Creation

    • PaaSPortal receives your profile information
    • If your email doesn't exist, a new account is created automatically
    • You're logged in immediately
    • Your profile picture is imported from the OAuth provider
  4. First Login Redirect

    • New users are redirected to /onboarding
    • Existing users go to /dashboard

OAuth Provider Availability

Not all OAuth providers may be enabled on your PaaSPortal instance. The login page automatically detects and displays only available providers.

API Endpoint: Check Available Providers

GET /api/v1/auth/providers

Response:

{
  "oauth_providers": ["github", "gitlab", "google", "microsoft"],
  "email_password_enabled": true,
  "passkey_enabled": true
}

Method 3: Passkey Registration (Sprint 2E23)

Passkeys provide the most secure and convenient authentication method using biometrics.

What are Passkeys?

Passkeys are a modern, passwordless authentication standard (WebAuthn/FIDO2) that use:

  • Face ID on iPhone/iPad
  • Touch ID on Mac
  • Windows Hello on Windows PCs
  • Fingerprint on Android devices
  • Hardware security keys (YubiKey, etc.)

Benefits of Passkeys

  • More Secure: Resistant to phishing and credential theft
  • More Convenient: No passwords to remember or type
  • Faster Login: One touch or glance to authenticate
  • Privacy-Focused: Biometric data never leaves your device

How to Register with Passkey

Important: You must first create an account using email/password or OAuth, then add a passkey.

  1. Create Account

    • Sign up using email/password or OAuth provider
    • Complete the onboarding process
  2. Navigate to Security Settings

    • Go to Settings → Security
    • Find the "Passkeys" section
  3. Register New Passkey

    • Click "Add Passkey"
    • Enter a friendly name (e.g., "MacBook Pro", "iPhone")
    • Your device will prompt for biometric authentication
    • Complete the biometric verification
    • Your passkey is now registered
  4. Login with Passkey

    • Go to /auth/login
    • Click "Sign in with Passkey"
    • Your device prompts for biometric authentication
    • You're logged in instantly

API Endpoints: Passkey Management

Generate Registration Options:

POST /api/v1/auth/passkeys/register/options
Authorization: Bearer <access_token>
Content-Type: application/json
 
{
  "name": "MacBook Pro"
}

Verify Registration:

POST /api/v1/auth/passkeys/register/verify
Authorization: Bearer <access_token>
Content-Type: application/json
 
{
  "name": "MacBook Pro",
  "credential": {
    "id": "...",
    "rawId": "...",
    "response": { ... },
    "type": "public-key"
  }
}

Login with Passkey:

POST /api/v1/auth/passkeys/login/options
Content-Type: application/json
 
{
  "email": "user@example.com"
}

POST /api/v1/auth/passkeys/login/verify
Content-Type: application/json
 
{
  "challenge_id": "...",
  "credential": {
    "id": "...",
    "rawId": "...",
    "response": { ... },
    "type": "public-key"
  }
}

First Login Experience

Login Process

Email & Password Login

  1. Navigate to Login Page

    • Visit /auth/login
    • Enter your email address
    • Enter your password
    • Click "Sign in"
  2. Two-Factor Authentication (if enabled)

    • If you've enabled 2FA, you'll see the verification screen
    • Enter the 6-digit code from your authenticator app
    • Or use one of your backup codes
    • Click "Verify"
  3. Successful Login

    • Receive JWT tokens
    • Redirected based on account status:
      • New users without organizations → /onboarding
      • Users with pending invitations → /onboarding
      • Existing users → /dashboard

API Endpoint: Login

POST /api/v1/auth/login
Content-Type: application/json
 
{
  "email": "user@example.com",
  "password": "SecurePass123"
}

Response (200 OK):

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer",
  "expires_in": 3600,
  "requires_onboarding": false,
  "pending_invitations": 0
}

Response with 2FA Required:

{
  "requires_2fa": true,
  "temp_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Then verify 2FA:

POST /api/v1/auth/verify-2fa
Content-Type: application/json
 
{
  "temp_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "code": "123456"
}
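
The two-step login exchange above, as an added client-side example (not PaaSPortal's own code). The endpoints and field names are the ones documented on this page; the injected `transport` callable, the constructed fake server with its 401 failure status, and the assumption that `/verify-2fa` answers with the same token response as `/login` are illustrative.

```python
import re

# Second-factor formats documented on this page: a 6-digit TOTP code or an
# 8-character uppercase alphanumeric backup code.
SECOND_FACTOR_RE = re.compile(r"[0-9]{6}|[A-Z0-9]{8}")


class LoginError(Exception):
    """Raised when the login exchange cannot be completed safely."""


def build_session(body):
    """Validate a token response and choose the documented post-login route."""
    for field in ("access_token", "refresh_token"):
        if not isinstance(body.get(field), str) or not body[field]:
            raise LoginError(f"token response is missing {field}")
    if str(body.get("token_type", "")).lower() != "bearer":
        raise LoginError("unexpected token_type")
    pending = int(body.get("pending_invitations") or 0)
    onboarding = bool(body.get("requires_onboarding")) or pending > 0
    return {
        "access_token": body["access_token"],
        "refresh_token": body["refresh_token"],
        "expires_in": int(body.get("expires_in") or 0),
        "redirect": "/onboarding" if onboarding else "/dashboard",
    }


def login(transport, email, password, get_second_factor=None):
    """Run POST /auth/login and, when required, POST /auth/verify-2fa.

    transport(method, path, json_body) -> (status, json_body) is a hypothetical
    injection point; in real use it would wrap an HTTPS client.
    """
    status, body = transport("POST", "/api/v1/auth/login",
                             {"email": email, "password": password})
    if status != 200:
        raise LoginError(f"login rejected with HTTP {status}")
    if not body.get("requires_2fa"):
        return build_session(body)

    # 2FA branch: only a temp_token may be present at this point.
    if "access_token" in body or "refresh_token" in body:
        raise LoginError("tokens issued before the second factor was verified")
    temp_token = body.get("temp_token")
    if not temp_token:
        raise LoginError("2FA required but no temp_token was returned")
    if get_second_factor is None:
        raise LoginError("2FA required but no code source was provided")

    # Normalise and validate locally so malformed input is never sent.
    code = get_second_factor().strip().upper()
    if not SECOND_FACTOR_RE.fullmatch(code):
        raise LoginError("expected a 6-digit code or an 8-character backup code")

    # The temp_token lives only in this local variable; it is not persisted.
    status, body = transport("POST", "/api/v1/auth/verify-2fa",
                             {"temp_token": temp_token, "code": code})
    if status != 200:
        raise LoginError(f"second factor rejected with HTTP {status}")
    return build_session(body)


def make_fake_transport(valid_code="123456", onboarding=False):
    """Constructed stand-in for the API so the example runs offline."""
    calls = []

    def transport(method, path, payload):
        calls.append((method, path))
        if path == "/api/v1/auth/login" and payload["password"] == "SecurePass123":
            return 200, {"requires_2fa": True, "temp_token": "constructed.temp.token"}
        if path == "/api/v1/auth/verify-2fa" and payload["code"] == valid_code:
            return 200, {
                "access_token": "constructed.access.token",
                "refresh_token": "constructed.refresh.token",
                "token_type": "bearer",
                "expires_in": 3600,
                "requires_onboarding": onboarding,
                "pending_invitations": 0,
            }
        return 401, {}  # assumed failure status; the page does not document one

    return transport, calls


if __name__ == "__main__":
    fake, seen = make_fake_transport()
    print(login(fake, "user@example.com", "SecurePass123", lambda: "123456"))
    print(seen)
```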

Remember Me

The login page supports "Remember me" functionality:

  • JWT tokens are stored in localStorage
  • Access token expires in 1 hour
  • Refresh token expires in 30 days
  • Automatic token refresh on page load
  • Logout clears all tokens

Forgot Password

If you forget your password:

  1. Click "Forgot password?" on the login page
  2. Enter your email address
  3. Click "Send reset link"
  4. Check your email for the reset link
  5. Click the link (expires in 60 minutes)
  6. Enter and confirm your new password
  7. Click "Reset password"
  8. Login with your new password

API Endpoint: Forgot Password

POST /api/v1/auth/forgot-password
Content-Type: application/json
 
{
  "email": "user@example.com"
}

API Endpoint: Reset Password

POST /api/v1/auth/reset-password
Content-Type: application/json
 
{
  "token": "reset_token_from_email",
  "password": "NewSecurePass123"
}

Create First Organization

Automatic Organization Creation

After your first successful login, you'll be redirected to the onboarding page where you can:

  1. Create a new organization
  2. Join an existing organization (via invitation)

Creating Your Organization

Step-by-Step Guide

  1. Onboarding Welcome Screen

    • After first login, you'll see the welcome screen
    • Two options are presented:
      • "Create a new organization"
      • "I have an invitation code"
  2. Choose "Create a new organization"

    • Click the "Create a new organization" card
    • You'll be taken to the organization creation form
  3. Enter Organization Details

    • Organization Name: Enter a descriptive name (e.g., "Acme Corporation")
    • The system will automatically generate a URL-friendly slug
    • Example: "Acme Corporation" → acme-corporation
  4. Submit

    • Click "Create Organization"
    • Your organization is created instantly
    • You're assigned the OWNER role automatically
    • Redirected to the dashboard

Organization Naming Guidelines

  • Use a clear, descriptive name
  • Maximum 255 characters
  • Can include spaces, letters, numbers, and special characters
  • The slug is auto-generated and must be unique

Good examples:

  • "Acme Web Solutions"
  • "Digital Marketing Pro"
  • "Smith & Associates"

Avoid:

  • Generic names like "Test" or "Company"
  • Very long names that are hard to read
  • Special characters that might cause URL issues

API Endpoint: Create Organization

POST /api/v1/organizations
Authorization: Bearer <access_token>
Content-Type: application/json
 
{
  "name": "Acme Corporation",
  "description": "Leading provider of web solutions",
  "website": "https://acme.com"
}

Response (201 Created):

{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "name": "Acme Corporation",
  "slug": "acme-corporation",
  "description": "Leading provider of web solutions",
  "website": "https://acme.com",
  "logo_url": null,
  "is_active": true,
  "billing_email": null,
  "stripe_customer_id": null,
  "max_projects": 10,
  "max_environments": 30,
  "max_servers": 5,
  "max_members": 20,
  "created_at": "2025-01-15T10:00:00Z",
  "updated_at": "2025-01-15T10:00:00Z"
}

Joining an Existing Organization

Via Invitation Link

If you received an invitation link via email:

  1. Click the Invitation Link

    • Format: https://paasportal.com/onboarding?token=INVITATION_TOKEN
    • Opens the invitation preview page
  2. Sign In or Create Account

    • If not logged in, you'll see two options:
      • "Sign In to Accept"
      • "Create Account"
    • Choose your preferred method
  3. Automatic Acceptance

    • After authentication, the invitation is automatically accepted
    • You're added to the organization
    • Redirected to the dashboard

Via Invitation Code

If you have a 6-character invitation code:

  1. Onboarding Welcome Screen

    • Click "I have an invitation code"
  2. Enter the Code

    • Type the 6-character code (e.g., ABC123)
    • The input automatically converts to uppercase
    • Code is validated in real-time
  3. Validate and Accept

    • Click "Validate Code"
    • Review the organization details shown
    • Click "Join Organization"
    • You're added to the organization
    • Redirected to the dashboard

API Endpoint: Validate Invitation

POST /api/v1/invitations/validate
Content-Type: application/json
 
{
  "code": "ABC123"
}

Response:

{
  "valid": true,
  "organization_name": "Acme Corporation",
  "organization_slug": "acme-corporation",
  "message": "Welcome to our team!",
  "scope": "organization",
  "expires_at": "2025-02-15T10:00:00Z",
  "restricted_email": null,
  "projects": null
}

API Endpoint: Accept Invitation

POST /api/v1/invitations/accept
Authorization: Bearer <access_token>
Content-Type: application/json
 
{
  "code": "ABC123"
}

Slug Generation Rules

When you create an organization, PaaSPortal automatically generates a unique slug:

  1. Converts name to lowercase
  2. Replaces spaces with hyphens
  3. Removes special characters
  4. Ensures uniqueness by appending numbers if needed

Examples:

Organization Name      | Generated Slug
Acme Corporation       | acme-corporation
Smith & Associates     | smith-associates
Digital Marketing Pro  | digital-marketing-pro
Test                   | test-1 (if "test" exists)
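
One way to implement the four rules above so that they reproduce the example table (an added sketch, not PaaSPortal's own code). Collapsing repeated hyphens, rejecting names that reduce to an empty slug, and the `taken` set standing in for the uniqueness lookup are assumptions.

```python
import re


def base_slug(name):
    """Apply the documented rules 1-3 to an organization name."""
    slug = name.strip().lower()                # rule 1: lowercase
    slug = re.sub(r"\s+", "-", slug)           # rule 2: spaces become hyphens
    slug = re.sub(r"[^a-z0-9-]", "", slug)     # rule 3: drop special characters
    # Assumption: "Smith & Associates" leaves "smith--associates" after rule 3,
    # so repeated hyphens are collapsed to match the documented result.
    return re.sub(r"-{2,}", "-", slug).strip("-")


def unique_slug(name, taken):
    """Rule 4: append -1, -2, ... until the slug is not in `taken`."""
    base = base_slug(name)
    if not base:
        # A name made only of special characters would yield an empty URL part.
        raise ValueError("name does not produce a usable slug")
    if base not in taken:
        return base
    suffix = 1
    while f"{base}-{suffix}" in taken:
        suffix += 1
    return f"{base}-{suffix}"


if __name__ == "__main__":
    existing = {"test", "smith-associates"}  # constructed sample data
    for org in ("Acme Corporation", "Smith Associates", "Test"):
        print(org, "->", unique_slug(org, existing))
```

Two different names can reduce to the same base slug ("Smith & Associates" and "Smith Associates"), which is why the uniqueness check runs on the slug, not on the name.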

Account Settings

Once your account is created, you can customize your profile and preferences.

Profile Settings

Accessing Profile Settings

  1. Click your avatar in the top-right corner
  2. Select "Settings" from the dropdown
  3. Navigate to the "Profile" tab

Available Profile Settings

Personal Information

  • Full Name: Your display name throughout PaaSPortal
  • Email: Your primary email address (requires verification to change)
  • Avatar: Upload a custom profile picture or use OAuth provider's image

API Endpoint: Update Profile

PATCH /api/v1/users/me
Authorization: Bearer <access_token>
Content-Type: application/json
 
{
  "name": "John Smith",
  "avatar_url": "https://example.com/avatar.jpg"
}

Avatar Upload

You can upload a custom avatar:

  • Supported formats: JPG, PNG, GIF, WebP
  • Maximum size: 2MB
  • Recommended dimensions: 256x256 pixels
  • Square images work best

Timezone Settings

Set your timezone for accurate timestamps:

  1. Go to Settings → Preferences
  2. Select your timezone from the dropdown
  3. All dates and times will be displayed in your timezone
  4. Affects: deployment logs, backup schedules, notifications

Supported Timezones:

  • All IANA timezone database entries
  • Examples: America/New_York, Europe/London, Asia/Tokyo

Notification Preferences

Customize which notifications you receive:

Email Notifications

Configure email notifications for:

  • Deployment Events: Success, failure, or progress updates
  • Backup Events: Backup completion or failures
  • System Alerts: Resource warnings, quota limits
  • Team Activity: Invitations, member changes
  • Security Alerts: Login from new device, password changes

Notification Channels

  • Email: Sent to your registered email
  • In-App: Bell icon in the top navigation
  • Webhook: Configure custom webhook URLs (organization-level)

API Endpoint: Update Notification Preferences

PATCH /api/v1/users/me/notification-preferences
Authorization: Bearer <access_token>
Content-Type: application/json
 
{
  "email_enabled": true,
  "deployment_notifications": true,
  "backup_notifications": true,
  "alert_notifications": true,
  "team_notifications": true
}

Language & Region

Set your preferred language and regional formats:

  • Language: Interface language (English, Spanish, French, etc.)
  • Date Format: MM/DD/YYYY, DD/MM/YYYY, YYYY-MM-DD
  • Time Format: 12-hour or 24-hour
  • Number Format: Decimal and thousands separators

Security Setup

PaaSPortal provides multiple layers of security to protect your account.

Two-Factor Authentication (2FA/TOTP)

Add an extra layer of security with time-based one-time passwords.

Enabling 2FA

  1. Navigate to Security Settings

    • Go to Settings → Security
    • Find "Two-Factor Authentication" section
    • Click "Enable 2FA"
  2. Scan QR Code

    • A QR code is displayed
    • Open your authenticator app:
      • Google Authenticator
      • Microsoft Authenticator
      • Authy
      • 1Password
      • Any TOTP-compatible app
    • Scan the QR code
  3. Enter Verification Code

    • Your authenticator generates a 6-digit code
    • Enter the code in PaaSPortal
    • Click "Verify and Enable"
  4. Save Backup Codes

    • You'll receive 8 backup codes
    • IMPORTANT: Save these in a secure location
    • Each code can be used once
    • Use them if you lose access to your authenticator

Using 2FA During Login

Once 2FA is enabled:

  1. Enter email and password as usual
  2. You'll see the 2FA verification screen
  3. Enter the 6-digit code from your authenticator app
  4. Or use one of your backup codes
  5. Click "Verify"
  6. You're logged in

API Endpoints: 2FA Management

Setup 2FA:

POST /api/v1/auth/2fa/setup
Authorization: Bearer <access_token>

Response:

{
  "secret": "YOUR_TOTP_SECRET_BASE32_ENCODED",
  "qr_uri": "otpauth://totp/PaaSPortal:user@example.com?secret=YOUR_TOTP_SECRET_BASE32_ENCODED&issuer=PaaSPortal",
  "backup_codes": [
    "A1B2C3D4",
    "E5F6G7H8",
    "I9J0K1L2",
    "M3N4O5P6",
    "Q7R8S9T0",
    "U1V2W3X4",
    "Y5Z6A7B8",
    "C9D0E1F2"
  ]
}

Enable 2FA:

POST /api/v1/auth/2fa/enable
Authorization: Bearer <access_token>
Content-Type: application/json
 
{
  "code": "123456"
}

Disable 2FA:

POST /api/v1/auth/2fa/disable
Authorization: Bearer <access_token>
Content-Type: application/json
 
{
  "code": "123456",
  "password": "SecurePass123"
}

Regenerate Backup Codes:

POST /api/v1/auth/2fa/regenerate-backup-codes
Authorization: Bearer <access_token>
Content-Type: application/json
 
{
  "code": "123456"
}

Response:

{
  "backup_codes": [
    "X1Y2Z3A4",
    "B5C6D7E8",
    "F9G0H1I2",
    "J3K4L5M6",
    "N7O8P9Q0",
    "R1S2T3U4",
    "V5W6X7Y8",
    "Z9A0B1C2"
  ]
}

Backup Codes

Backup codes are single-use codes for account recovery:

  • Total Codes: 8 codes provided
  • Format: 8 uppercase alphanumeric characters
  • Usage: Each code can be used only once
  • Regeneration: You can generate new codes anytime
  • Warning: Regenerating invalidates all previous codes

When to Use Backup Codes:

  • Lost your phone with authenticator app
  • Authenticator app not working
  • Device is being repaired
  • Traveling without your primary device

Best Practices:

  • Print backup codes and store in a safe place
  • Don't store them digitally in an unsecured location
  • Regenerate codes periodically (every 3-6 months)
  • Track which codes you've used

OAuth Provider Connections

Link multiple OAuth accounts to your PaaSPortal account.

Benefits of Linking OAuth Providers

  • Sign in using any linked provider
  • Access repositories from multiple platforms
  • Backup authentication method
  • No password required for linked providers

How to Link OAuth Provider

  1. Go to Settings → Security
  2. Find "Connected Accounts" section
  3. Click "Connect" next to a provider (GitHub, GitLab, Google, Microsoft)
  4. Authorize PaaSPortal
  5. Provider is now linked

Managing Connected Accounts

  • View all connected providers
  • See last login date for each provider
  • Disconnect providers (requires at least one login method)
  • Primary email syncs across all providers

API Endpoints: OAuth Management

List OAuth Accounts:

GET /api/v1/users/me/oauth-accounts
Authorization: Bearer <access_token>

Response:

[
  {
    "id": "...",
    "provider": "github",
    "provider_username": "johndoe",
    "created_at": "2025-01-15T10:00:00Z",
    "last_used_at": "2025-01-20T15:30:00Z"
  }
]

Passkeys (WebAuthn) - Sprint 2E23

Passkeys provide the most secure authentication method.

Why Use Passkeys?

  • Phishing Resistant: Cannot be stolen by fake login pages
  • No Passwords: Nothing to forget or leak
  • Device-Bound: Uses your device's secure enclave
  • Biometric: Face ID, Touch ID, or fingerprint
  • Multi-Device: Sync across devices via iCloud Keychain, etc.

Adding Multiple Passkeys

You can register multiple passkeys:

  • MacBook Pro (Touch ID)
  • iPhone (Face ID)
  • Windows PC (Windows Hello)
  • YubiKey (hardware security key)
  • Android phone (fingerprint)

Managing Passkeys

  1. View All Passkeys

    • Go to Settings → Security → Passkeys
    • See all registered passkeys with:
      • Name (e.g., "MacBook Pro")
      • Created date
      • Last used date
      • Device type (single-device vs. multi-device)
  2. Rename Passkey

    • Click the edit icon
    • Enter a new name
    • Click "Save"
  3. Delete Passkey

    • Click the delete icon
    • Confirm deletion
    • Passkey is removed

Important: Always keep at least one authentication method active (password, OAuth, or passkey).

API Endpoints: Passkey Management

List Passkeys:

GET /api/v1/auth/passkeys
Authorization: Bearer <access_token>

Response:

{
  "passkeys": [
    {
      "id": "...",
      "name": "MacBook Pro",
      "created_at": "2025-01-15T10:00:00Z",
      "last_used_at": "2025-01-20T15:30:00Z",
      "backup_eligible": true,
      "backup_state": true,
      "credential_device_type": "multi_device"
    }
  ],
  "count": 1
}

Rename Passkey:

PUT /api/v1/auth/passkeys/{passkey_id}
Authorization: Bearer <access_token>
Content-Type: application/json
 
{
  "name": "iPhone 15 Pro"
}

Delete Passkey:

DELETE /api/v1/auth/passkeys/{passkey_id}
Authorization: Bearer <access_token>

Security Best Practices

Follow these recommendations to keep your account secure:

  1. Enable 2FA

    • Use an authenticator app, not SMS
    • Save backup codes securely
    • Regenerate codes periodically
  2. Use Strong Passwords

    • Minimum 12 characters recommended
    • Mix of uppercase, lowercase, numbers, symbols
    • Avoid common words or patterns
    • Use a password manager
  3. Register Passkeys

    • Most secure authentication method
    • Register on multiple devices
    • Use hardware security keys for critical accounts
  4. Monitor Account Activity

    • Review login history regularly
    • Check for unfamiliar devices
    • Immediately disable 2FA and change password if suspicious
  5. Link Multiple OAuth Providers

    • Provides backup login methods
    • Reduces reliance on passwords
    • Easier account recovery
  6. Keep Recovery Information Updated

    • Verify your email is current
    • Save backup codes in a safe place
    • Register multiple passkeys

Troubleshooting

Registration Issues

Issue 1: "An account with this email already exists"

Cause: You've already registered with this email, or someone else is using it.

Solution:

  1. Try logging in instead of registering
  2. Use the "Forgot password?" link if you don't remember your password
  3. Check if you signed up using an OAuth provider (GitHub, GitLab, etc.)
  4. If you believe this is an error, contact support

Issue 2: Password doesn't meet requirements

Cause: Your password is too weak or doesn't meet the security criteria.

Solution:

  1. Ensure your password has at least 8 characters
  2. Include at least one uppercase letter (A-Z)
  3. Include at least one lowercase letter (a-z)
  4. Include at least one number (0-9)
  5. Example of valid password: SecurePass123

Good password examples:

  • MySecure2025Pass!
  • BlueSky#Mountains99
  • Coffee@Morning2024

Avoid:

  • password123 (too common)
  • 12345678 (only numbers)
  • abcdefgh (no numbers or uppercase)

Issue 3: Verification email not received

Cause: Email may be delayed, in spam folder, or blocked by your mail server.

Solution:

  1. Check your spam/junk folder
  2. Wait 5-10 minutes (email delivery can be delayed)
  3. Add noreply@paasportal.io to your contacts
  4. Check if your email provider blocks automated emails
  5. Request a new verification email:

POST /api/v1/auth/resend-verification
Authorization: Bearer <access_token>
Content-Type: application/json
 
{
  "email": "user@example.com"
}

Issue 4: OAuth provider authorization fails

Cause: OAuth provider is not configured, or authorization was denied.

Solution:

  1. Try a different OAuth provider
  2. Clear browser cookies and try again
  3. Check if you denied the authorization request
  4. Ensure your OAuth account has a verified email
  5. If problem persists, use email/password registration instead

Issue 5: Registration page shows "Registration disabled"

Cause: Email/password registration is disabled by the administrator.

Solution:

  1. Use an OAuth provider (GitHub, GitLab, Google, Microsoft)
  2. Contact your administrator to enable email/password registration
  3. Check if you're on a custom deployment with restricted registration

Login Issues

Issue 1: "Invalid email or password"

Cause: Incorrect credentials entered.

Solution:

  1. Double-check your email for typos
  2. Ensure Caps Lock is off when typing password
  3. Try the "Forgot password?" link to reset
  4. If you signed up with OAuth, use the OAuth login button instead
  5. Check if you have multiple accounts with different emails

Issue 2: 2FA code not working

Cause: Code expired, clock sync issue, or incorrect code.

Solution:

  1. Wait for a new code to generate (codes change every 30 seconds)
  2. Ensure your device's clock is accurate (TOTP requires time sync)
  3. Try entering the code immediately after it appears
  4. Use a backup code if available
  5. Contact support if you've lost access to your authenticator

To use backup code:

  • Enter one of your 8-character backup codes instead of 6-digit TOTP code
  • Backup codes are single-use only
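
Why an inaccurate clock breaks 2FA, as an added example (not PaaSPortal's own code): it parses a URI in the shape of the `qr_uri` field from the 2FA setup response, computes RFC 6238 codes, and checks a code against the server's time step. The sample URI uses the published RFC 6238 test key, and the ±1 step tolerance in `matching_step` is an assumption, not a documented PaaSPortal setting.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample in the shape of the qr_uri field; the secret is the
# published RFC 6238 test key, not a real account secret.
SAMPLE_QR_URI = ("otpauth://totp/PaaSPortal:user@example.com"
                 "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=PaaSPortal")


def parse_otpauth(uri):
    """Split an otpauth://totp URI into label, issuer, raw secret and parameters."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not an otpauth://totp URI")
    params = {key: values[0] for key, values in parse_qs(parsed.query).items()}
    if "secret" not in params:
        raise ValueError("URI has no secret parameter")
    b32 = params["secret"].replace(" ", "").upper()
    b32 += "=" * (-len(b32) % 8)  # authenticator URIs usually omit padding
    return {
        "label": unquote(parsed.path.lstrip("/")),
        "issuer": params.get("issuer"),
        "secret": base64.b32decode(b32),
        "digits": int(params.get("digits", 6)),   # otpauth default
        "period": int(params.get("period", 30)),  # otpauth default
    }


def totp(secret, unix_time, digits=6, period=30):
    """RFC 6238 code (HMAC-SHA1) for the time step containing unix_time."""
    counter = int(unix_time) // period
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def matching_step(secret, code, server_time, window=1, digits=6, period=30):
    """Return the step offset (0, -1, +1, ...) at which code verifies, else None.

    window is how many 30-second steps of drift the verifier tolerates on
    each side; window=0 means the clocks must agree on the current step.
    """
    if len(code) != digits or not (code.isascii() and code.isdigit()):
        return None
    for offset in sorted(range(-window, window + 1), key=abs):
        expected = totp(secret, server_time + offset * period, digits, period)
        if hmac.compare_digest(expected, code):  # constant-time comparison
            return offset
    return None


if __name__ == "__main__":
    cfg = parse_otpauth(SAMPLE_QR_URI)
    # The device generates a code at t=1111111109; the server checks it two
    # seconds later, after the 30-second step has rolled over.
    code = totp(cfg["secret"], 1111111109)
    print("code from device:", code)
    print("strict check:", matching_step(cfg["secret"], code, 1111111111, window=0))
    print("with +/-1 step:", matching_step(cfg["secret"], code, 1111111111, window=1))
```

The two timestamps are only two seconds apart but fall in different 30-second steps, which is the case behind "try entering the code immediately after it appears".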

Issue 3: Account locked after multiple failed attempts

Cause: Too many failed login attempts triggered rate limiting.

Solution:

  1. Wait 15-30 minutes before trying again
  2. Use the "Forgot password?" flow to reset your password
  3. Contact support if you believe your account was compromised

Issue 4: "Account is deactivated"

Cause: Your account has been deactivated by an administrator.

Solution:

  1. Contact your organization administrator
  2. Contact PaaSPortal support
  3. Check your email for any account suspension notices

Issue 5: Passkey authentication fails

Cause: Passkey not recognized, browser incompatibility, or device issue.

Solution:

  1. Ensure you're on a supported browser (Chrome, Edge, Safari, Firefox)
  2. Check if your device supports WebAuthn/FIDO2
  3. Try a different passkey if you have multiple registered
  4. Use email/password or OAuth as a fallback
  5. Re-register the passkey in Settings

Organization Creation Issues

Issue 1: "Organization name already taken"

Cause: Another organization with the same slug exists.

Solution:

  1. Choose a more specific organization name
  2. Add a suffix like your city or company identifier
  3. System will automatically add a number suffix if needed

Issue 2: Cannot create organization after accepting invitation

Cause: You're already a member of an organization.

Solution:

  1. You can create additional organizations from the dashboard
  2. Navigate to the organization switcher (top-left dropdown)
  3. Click "Create new organization"
  4. Or leave your current organization first (requires non-owner role)

Issue 3: Slug generation creates unwanted URL

Cause: Auto-generated slug doesn't match your preference.

Solution:

  1. Slugs are auto-generated and cannot be customized during creation
  2. Contact support to request a slug change after creation
  3. Choose an organization name that generates your desired slug

Email Verification Issues

Issue 1: Verification link expired

Cause: Verification links expire after 24 hours.

Solution:

  1. Request a new verification email
  2. Click the link immediately after receiving it
  3. Check that you're clicking the most recent link

API Endpoint: Resend Verification Email

POST /api/v1/auth/resend-verification
Authorization: Bearer <access_token>

Issue 2: "Invalid verification token"

Cause: Link was already used or is malformed.

Solution:

  1. Request a new verification email
  2. Ensure you copied the complete link from your email
  3. Don't click the link multiple times
  4. Check if you're already verified in Settings

Issue 3: Verification email goes to wrong address

Cause: Email was changed after registration.

Solution:

  1. Verification emails are always sent to your registered email
  2. Change your email in Settings, then verify the new address
  3. Cannot verify an old email address

Getting Help

If you're still experiencing issues:

  1. Check System Status: Visit the status page for known issues
  2. Documentation: Search this documentation for specific topics
  3. Community Forum: Ask questions in the community forum
  4. Support Tickets: Contact support with your issue details
  5. Email: Send an email to support@paasportal.io

When contacting support, include:

  • Your email address (not password)
  • Description of the issue
  • Steps to reproduce the problem
  • Browser and device information
  • Screenshots (if applicable)
  • Any error messages received

Next Steps

Now that you've created your account and organization, here's what to do next:

Immediate Actions

  1. Complete Email Verification

    • Check your inbox and verify your email
    • Enables full account functionality
  2. Set Up 2FA

    • Go to Settings → Security
    • Enable two-factor authentication
    • Save your backup codes
  3. Customize Your Profile

    • Update your display name
    • Upload an avatar
    • Set your timezone
  4. Invite Team Members

    • Go to Settings → Members
    • Send invitations to your team
    • Assign appropriate roles

Join the Community

  • Discord Server: Join our Discord for real-time help
  • GitHub Discussions: Share ideas and feedback
  • Twitter: Follow @PaaSPortal for updates
  • Blog: Read tutorials and case studies

Security & Privacy

Data Protection

PaaSPortal takes security seriously:

  • Password Hashing: Bcrypt with high work factor
  • Token Security: JWT with short expiration times
  • 2FA Support: TOTP-based two-factor authentication
  • Passkey Support: WebAuthn/FIDO2 for passwordless auth
  • OAuth Security: Industry-standard OAuth 2.0 flows
  • Audit Logging: All account actions are logged
  • Encryption: Data encrypted in transit (TLS 1.3)

Privacy Policy

  • Your email is only used for authentication and notifications
  • Profile information is visible only to your organization members
  • OAuth tokens are encrypted and never logged
  • Biometric data (passkeys) never leaves your device
  • Account can be deleted at any time from Settings

Compliance

PaaSPortal is designed with compliance in mind:

  • GDPR: Right to access and delete personal data
  • CCPA: California privacy rights supported
  • SOC 2: Type II compliance in progress
  • Data Residency: Choose your data location

Frequently Asked Questions

Can I use multiple email addresses?

You can only have one primary email per account, but you can link multiple OAuth providers that may use different emails.

What happens if I forget my password and lose 2FA access?

Use one of your backup codes. If you've lost your backup codes, contact support with proof of identity.

Can I transfer organization ownership?

Yes, organization owners can transfer ownership to another member from Settings → Members.

How many organizations can I create?

You can create unlimited organizations, but each organization has its own resource quotas and billing.

Can I delete my account?

Yes, go to Settings → Account → Delete Account. This action is permanent and cannot be undone.

What happens to my data if I delete my account?

All your personal data is deleted. If you're the owner of organizations, you must transfer ownership or delete them first.

Can I change my email address?

Yes, go to Settings → Profile → Change Email. You'll need to verify the new email address.

Do I need to verify my email to use PaaSPortal?

Most features work without verification, but some organization-level actions require a verified email.

Can I use PaaSPortal without a password?

Yes, if you sign up using OAuth or register a passkey, you never need to set a password.

Is passkey support available on all browsers?

Passkeys work on modern browsers: Chrome 67+, Edge 18+, Safari 13+, Firefox 60+. Mobile browsers also support passkeys.


Need help? Contact our support team at support@paasportal.io or visit our Help Center.

Last Updated: January 2025 (Sprint 2E42 - Phase 1)