Logging in & roles¶

Logging in¶

Open https://AMPORA_HOST and click Log in. You are bounced to your identity provider. After authentication you land on the Dashboard with your name and role in the top-right.

If the OIDC bounce loops without landing on the Dashboard, see Operator → Troubleshooting → OIDC.

Roles¶

Ampora has three roles. Your role is read from the OIDC claim configured by your operator (defaults to ampora:role).

The role badge appears next to your name. Buttons that need a higher role are visible but disabled with a tooltip explaining what is needed.

First user becomes Admin¶

The first user to log in to a brand-new Ampora is bootstrapped as Admin regardless of OIDC claim. After that, the role from the claim takes over. This is by design — it lets you log in once with a pre-configured account, set up the OIDC role mapping, and have it apply on the second login.

Switching tenants¶

If your account has access to more than one tenant (multi-tenant deployments only):

• User menu → Switch tenant.
• Pick the tenant from the list.
• The page reloads with that tenant active.

The active tenant is shown next to your name. Cross-tenant data is never mixed in any view; the URL also encodes the tenant so deep links remain unambiguous.

Logging out¶

User menu → Log out. You are bounced through the IdP's logout endpoint, then back to the Ampora login page. Single sign-out clears the IdP session as well; if you only want to leave Ampora and stay logged in to the IdP, close the browser tab instead.

Keyboard shortcuts¶