Skip to main content

Authentication

This page covers how administrators sign in to Cockpit and secure their account. It's distinct from how your application's end users authenticate — that's the authentication processes (email/SMS OTP) you configure for self-registration and login.

Logging in to Cockpit​

The login page offers three ways in:

  • Email + one-time code (default) — enter your email or mobile, Request a one-time code, then type the code we send.
  • Email + password — Login with password, then username + password.
  • Google — Log in with Google, using the Google account you registered with.

See Register & Log In.

info

Passwords are per-environment. If you reuse the same email across environments, a password only works for the environment where it was set — but you can always get in elsewhere with a one-time code.

Securing your account​

From Manage Account (the account dropdown) you control your own credentials — see Manage Account:

  • Password — set or change your password (minimum 10 characters).
  • 2FA — enable two-factor auth with an authenticator app: scan the QR code, then enter the verification code to confirm. You can disable it again later. (The 2FA tab appears once you have a password set.)
caution

Some safety-critical actions trigger a Security Verification Required step — you re-confirm with a one-time code sent to your email (or your 2FA / password) before the action proceeds.

Authentication tokens (programmatic access)​

Beyond interactive login, a user or administrator can hold authentication tokens for programmatic / API access — found in the expanded row on the Users (or Administrators) page. Generate authentication token takes a Token name and an Expiration date and time.

caution

A token's value is shown only once — "You will not be able to access it again after you close this modal." Copy it immediately. Delete tokens you no longer need.

End-user authentication​

Your application's patients, HCPs, and devices don't log in to Cockpit. They authenticate against your app via authentication processes — email or SMS one-time codes, configured per channel and user type. OTP delivery requires a configured message gateway in External Services.

Where to go next​

Cardinal SDK reference: Initialize the SDK, Set up 2FA, and Remember me — authenticating end users from your app.