Logging in and first-time setup
The dashboard at dashboard.drukverify.com has three entry-points: signing in as an existing user, accepting an invite as a new teammate, and the initial-admin setup flow when a tenant is first provisioned.
Returning users — sign in
- Open dashboard.drukverify.com, enter your email, hit Continue.
- Enter your password.
- Enter your 6-digit TOTP code from your authenticator app (Google Authenticator, 1Password, Authy, etc.). If you've lost access to your authenticator, click Use a backup code instead — each backup code is single-use.
On success the dashboard mints a dv_dash session cookie and redirects to /. Sessions expire after a fixed window; you'll be sent back to /login automatically.
First-time setup (initial admin)
When your tenant is first provisioned, ops sends you a one-time setup link of the form dashboard.drukverify.com/setup?token=<setup-token>. The token is single-use and time-bound (typically 24 hours).
- Open the link. The page validates the token and shows the email address it's bound to.
- Choose a password (rules enforced by the page — minimum length, mixed characters).
- Confirm the password and submit.
- You're redirected to
/setup/totp?user=<id>to enroll your TOTP factor:- Scan the QR code with your authenticator app, or
- Tap the manual-entry secret and paste it into your app.
- Enter a 6-digit code to verify the binding worked.
- Save the 8 backup codes shown — they're shown exactly once. Each is single-use and lets you log in if you lose access to your authenticator. Store them somewhere safe (password manager, sealed envelope, etc.).
Once TOTP is bound and a backup-code set is acknowledged, the dashboard mints your first dv_dash cookie and lands you on /.
Accepting an invite (teammate flow)
If an existing admin invites you, you'll receive an email with a link of the form dashboard.drukverify.com/setup?invite=<invite-token>. The flow is identical to the initial-admin setup above except:
- The page shows the tenant name you're joining (not "creating") in the header.
- The role assigned by the inviting admin (admin / developer / viewer) is fixed; you don't pick it.
Invite tokens expire in 7 days. If yours has expired, ask the inviting admin to re-send from the Team page.
Lost authenticator + backup codes gone
Contact ops@drukverify.com from the email address tied to your dashboard user. Ops will reset the TOTP binding after out-of-band identity verification. You'll then re-enroll TOTP and receive a fresh backup-code set.
Session lifecycle
dv_dashis a short-lived HTTP-only signed cookie. Don't try to read its value from JavaScript — there's nothing useful there.- A given user can be signed in from multiple devices simultaneously.
- Signing out clears the cookie on the current device only. To revoke all sessions for a user (e.g. a departed teammate), have an admin remove them from the Team page — that invalidates every active session for that user.