Skip to content

Accounts And Access

XRXP includes basic operator account management in the dashboard.

First installation

On a new deployment, the dashboard exposes a setup flow at /setup.

That page creates the first administrator, who can then:

  • approve new users
  • create service tokens
  • manage the rest of the installation

User approval flow

New signups are not immediately operators.

Typical flow:

  1. a user signs up
  2. the account is created in PENDING state
  3. an admin reviews the request
  4. the admin promotes the user to USER or ADMIN, or deletes it

Roles in practice

  • PENDING: waiting for approval
  • USER: can use the dashboard
  • ADMIN: can manage users and service tokens

Service tokens

Service tokens are used by integrations such as Unity clients and automation.

Important behavior:

  • the token secret is shown once at creation time
  • operators should copy and store it securely
  • expired or unused tokens can be revoked from the admin page

Account settings

The account page at /account lets operators:

  • view their profile and role
  • change their password
  • access admin pages if they have the admin role

Password change

The password change form is present in the dashboard UI, but the backend endpoint is not yet implemented. This feature will be connected in a future release.

Operational advice

  • create named tokens per environment or device fleet
  • avoid sharing one token across every integration
  • rotate tokens if a device image or project has been widely shared