Authentication Overview

User authentication, account access, and password management in the Partners application

Co-authored by
Dien Bassey, RHEMA Nigeria
Joshua Adams, RHEMA Nigeria

Overview

The Partners application uses a secure authentication system to protect user data and ensure only authorized personnel can access partner information. This section covers the complete authentication flow including login, account activation, and password management.

Authentication Methods

The application supports the following authentication workflows:

Email and Password Login

Standard authentication for existing users:

  • Enter registered email address
  • Enter password
  • Optional "Remember Me" for extended sessions
  • Secure session management
  • Automatic redirect to dashboard

Use Case: Daily login for staff members who already have active accounts.

Accept Invitation (New Users)

Invitation-based account activation for new team members:

  • Receive email invitation from administrator
  • Click secure invitation link
  • Set initial password
  • Account automatically activated
  • Immediate access granted

Use Case: Onboarding new staff members to the Partners application.

Password Reset

Self-service password recovery:

  • Request magic link via email
  • Click secure link in email
  • Set new password
  • Automatic sign-in

Use Case: Users who forgot their password or need to change it for security reasons.

Key Features

Secure Authentication

Password Requirements:

  • Minimum 8 characters
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one number
  • Password strength indicator

Security Measures:

  • Encrypted password storage
  • Secure session tokens
  • HTTPS-only transmission
  • Token expiration (1 hour for password reset)
  • Protection against brute force attacks

Session Management

Remember Me Option:

  • Extended session duration
  • Automatic re-login on return visits
  • Secure token storage

Session Security:

  • Automatic timeout after inactivity
  • Secure logout functionality
  • Session validation on each request

User-Friendly Experience

Password Visibility Toggle:

  • Eye icon to show/hide password
  • Helps prevent typos
  • Maintains security

Error Handling:

  • Clear error messages
  • Helpful guidance
  • No sensitive information leaked

Loading States:

  • Visual feedback during authentication
  • Prevents duplicate submissions
  • Professional user experience

Authentication Flow

Standard Login Flow

  1. User navigates to login page
  2. Enters email and password
  3. Optionally checks "Remember Me"
  4. Clicks "Sign In" button
  5. System validates credentials
  6. On success: Redirects to dashboard
  7. On failure: Shows error message
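
An added example, not the Partners application's code, of a credential check that returns one generic error for every failure and throttles repeated attempts. The LoginService class, the scrypt password hashing, and the 5-failure / 15-minute limits are assumptions; the page does not state them.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5           # assumed threshold, not taken from the page
LOCKOUT_SECONDS = 15 * 60  # assumed throttling window
GENERIC_ERROR = "Invalid email or password."


def hash_password(password, salt):
    # scrypt is this example's choice; the page only says storage is encrypted.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)


class LoginService:
    """Hypothetical in-memory service standing in for the real backend."""

    def __init__(self):
        self._users = {}     # email -> (salt, password hash, active flag)
        self._failures = {}  # email -> (failure count, time of first failure)
        self._dummy_salt = os.urandom(16)

    def add_user(self, email, password, active=True):
        salt = os.urandom(16)
        self._users[email.lower()] = (salt, hash_password(password, salt), active)

    def login(self, email, password, now=None):
        now = time.time() if now is None else now
        email = email.lower()
        count, since = self._failures.get(email, (0, now))
        if now - since >= LOCKOUT_SECONDS:
            count, since = 0, now          # window elapsed, start counting again
        if count >= MAX_FAILURES:
            return False, GENERIC_ERROR    # throttled: same message, no hashing
        salt, stored, active = self._users.get(email, (self._dummy_salt, b"", False))
        # Hash even for unknown emails so timing does not reveal which exist.
        ok = hmac.compare_digest(hash_password(password, salt), stored) and active
        if ok:
            self._failures.pop(email, None)
            return True, "ok"
        self._failures[email] = (count + 1, since)
        return False, GENERIC_ERROR
```

Keying the counter on the email alone lets anyone throttle a known account, so deployments usually pair it with per-source limits and alerting on repeated failures.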

Invitation Acceptance Flow

  1. Administrator sends invitation email
  2. User receives email with secure link
  3. User clicks invitation link
  4. System verifies token validity
  5. User sees welcome screen with account details
  6. User sets password (with strength indicator)
  7. User confirms password
  8. System activates account
  9. User automatically logged in
  10. Redirects to dashboard

Password Reset Flow

  1. User clicks "Forgot Password" on login page
  2. Enters email address
  3. System sends magic link email
  4. User receives email
  5. User clicks secure link
  6. System validates token
  7. User sets new password
  8. User confirms new password
  9. System updates password
  10. Success message displayed
  11. Automatic redirect to login

Security Best Practices

For Users

Password Security:

  • Use unique, strong passwords
  • Don't share passwords with anyone
  • Change password if compromised
  • Enable "Remember Me" only on personal devices

Account Security:

  • Log out when finished
  • Don't save passwords in browsers on shared computers
  • Report suspicious activity immediately
  • Keep your email account secure (password reset links are sent there)

Invitation Links:

  • Use invitation link within 24 hours
  • Don't share invitation links
  • Verify email sender before clicking links

For Administrators

User Management:

  • Only invite authorized personnel
  • Revoke access when staff leave
  • Monitor failed login attempts
  • Regular security audits

Invitation Process:

  • Verify email addresses before sending invitations
  • Use secure channels to communicate
  • Set appropriate roles and permissions
  • Track invitation status

Common Authentication Scenarios

First-Time User

  1. Receive Invitation: Administrator sends invitation email
  2. Access Link: Click invitation link from email
  3. Review Details: Verify name, email, and role
  4. Set Password: Create strong password
  5. Activate Account: Click "Activate Account"
  6. Start Using: Immediately access Partners application

Daily Staff Member

  1. Navigate to Login: Go to partners.rhema.app/auth/login
  2. Enter Credentials: Email and password
  3. Check Remember Me: Optional for convenience
  4. Sign In: Click button to access dashboard
  5. Work: Access partner information
  6. Sign Out: Log out when finished

Forgotten Password

  1. Attempt Login: Try to sign in but forgot password
  2. Click Link: "Forgot your Password?" link
  3. Enter Email: Provide registered email address
  4. Check Email: Look for magic link email
  5. Click Link: Open link from email
  6. Set Password: Create new password
  7. Confirm: Re-enter new password
  8. Complete: Automatic sign-in

Compromised Account

  1. Detect Issue: Notice suspicious activity
  2. Report: Contact administrator immediately
  3. Reset Password: Use password reset flow
  4. Update Password: Create new, unique password
  5. Verify: Check account activity
  6. Monitor: Watch for further suspicious activity

Troubleshooting

Cannot Log In

Possible Causes:

  • Incorrect email or password
  • Account not yet activated
  • Account suspended
  • Browser issues (cookies, cache)

Solutions:

  1. Verify email address (check spelling)
  2. Verify password (check caps lock)
  3. Check for invitation email if new user
  4. Use password reset if forgotten
  5. Clear browser cache and cookies
  6. Try different browser
  7. Contact administrator if still unable to log in

Invitation Link Not Working

Possible Causes:

  • Link expired (older than 24 hours)
  • Link already used
  • Invalid token
  • Email client modified link

Solutions:

  1. Check email date (recent invitation?)
  2. Request new invitation from administrator
  3. Copy full link (don't click truncated version)
  4. Try different browser
  5. Contact administrator for new invitation
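
The failure cases listed above (expired, already used, invalid token) and the lifetimes this page states (1 hour for password reset links, 24 hours for invitations) can be enforced as in the following added example. It is not the Partners application's code; the LinkTokenStore class, the in-memory storage and the SHA-256 hashing of stored tokens are assumptions made for illustration.

```python
import hashlib
import secrets
import time

# Lifetimes stated on the page: 1 hour for password reset, 24 hours for invitations.
TTL_SECONDS = {"password_reset": 3600, "invitation": 24 * 3600}


class LinkTokenStore:
    """Hypothetical in-memory stand-in for a database table of link tokens."""

    def __init__(self):
        self._rows = {}  # sha256(token) -> {"email", "purpose", "expires_at", "used"}

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table does not yield usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, email, purpose, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[self._digest(token)] = {
            "email": email, "purpose": purpose,
            "expires_at": now + TTL_SECONDS[purpose], "used": False,
        }
        return token  # placed in the emailed link; never written to logs

    def redeem(self, token, purpose, now=None):
        """Return (status, email); status is ok, invalid, used or expired."""
        now = time.time() if now is None else now
        row = self._rows.get(self._digest(token))
        if row is None or row["purpose"] != purpose:
            return "invalid", None   # unknown, truncated or wrong-flow token
        if row["used"]:
            return "used", None      # links are single-use
        if now >= row["expires_at"]:
            return "expired", None
        row["used"] = True           # marked at redemption so a replayed link fails
        return "ok", row["email"]
```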

Password Reset Email Not Received

Possible Causes:

  • Email in spam folder
  • Wrong email address entered
  • Email delivery delay
  • Email server issues

Solutions:

  1. Check spam/junk folder
  2. Verify email address spelling
  3. Wait 5-10 minutes for delivery
  4. Try again with correct email
  5. Contact administrator if persistent issue

Password Requirements Not Met

Possible Causes:

  • Password too short (fewer than 8 characters)
  • Missing uppercase letter
  • Missing lowercase letter
  • Missing number
  • Password too weak

Solutions:

  1. Use at least 8 characters
  2. Include uppercase letter (A-Z)
  3. Include lowercase letter (a-z)
  4. Include number (0-9)
  5. Consider adding special character for strength
  6. Check password strength indicator
  7. Use password manager to generate strong password

Next Steps

Ready to get started? Choose your scenario:

  1. New User - Set up your account from invitation
  2. Existing User - Sign in to your account
  3. Forgot Password - Reset your password
  4. Admin - Manage user accounts and invitations