For admins
Per-tenant login + password recovery
Every workspace has its own login, forgot-password, and reset pages — branded with that workspace's logo/colors/fonts.
Pages
- /p/<tenant>/login — branded sign-in
- /p/<tenant>/forgot-password — email + send link
- /p/<tenant>/reset-password/<token> — set a new password
- /p/<tenant>/accept-invite/<token> — accept an invite + set initial password
Tenant-scoped tokens
Tokens carry a signed tenant binding. A link issued for tenant A is rejected if it lands inside tenant B's portal — even if the URL slug is swapped manually.
Sign-in routing
- Instructors + admins land on /dashboard.
- Students land on /p/<tenant>/courses.