For admins
Per-tenant login + password recovery
Every workspace has its own login, forgot-password, and reset pages — branded with that workspace's logo/colors/fonts.
Pages
- /p/<tenant>/login — branded sign-in
- /p/<tenant>/forgot-password — email + send link
- /p/<tenant>/reset-password/<token> — set a new password
- /p/<tenant>/accept-invite/<token> — accept an invite + set initial password
Tenant-scoped tokens
Tokens carry a signed tenant binding. A link issued for tenant A is rejected if it lands inside tenant B's portal — even if the URL slug is swapped manually.
Sign-in routing
- Instructors + admins land on /dashboard.
- Students land on /p/<tenant>/courses.
Why per-tenant (not one shared login)
Each workspace's accounts are completely separate, and so is its login. That means a student sees only your brand when they sign in — your logo, colours and name — never a generic platform login. It also keeps data cleanly isolated: someone with an account at one academy isn't automatically known to another.
Common questions
- Is there one password across academies? No — each workspace is its own account namespace; a learner signs in per academy.
- Can a reset link be reused on another workspace? No — tokens are tenant-bound and rejected if the slug is swapped.
- Where do invited users set their password? On the branded accept-invite page from the invite email.
- Does it work on my custom domain? Yes — these pages render under your domain with your branding once it's connected.
Related