← Back to documentation

Account Access

Complete guide to authentication workflows in PayloadRelay, including SSO and recovery.

8 min read

Use this guide for login, recovery, confirmation, and invitation access flows.

Purpose

This page covers:

  • Login (password and OAuth).
  • Password reset request + consume.
  • Email confirmation preview + consume.
  • Organization invitation preview + accept.

Prerequisites and permissions

  • Access to the sign-in, password reset, email confirmation, and invitation pages.
  • Signup may not be available for every workspace.
  • Valid links are required for confirmation, reset, and invitation flows.

Step-by-step workflow

A. Sign in

  1. Open the sign-in page.
  2. Choose email/password, or OAuth (Google, Microsoft, Apple) when enabled.
  3. Successful sign-in redirects you to the app.

If email is unconfirmed, use Resend confirmation email and complete the confirm flow.

B. Reset password

  1. Open the password reset request page.
  2. Submit your email address.
  3. Open the reset link from your email.
  4. Enter and submit your new password.

Rules:

  • New password must be at least 8 characters.
  • Reset links are single-use and time-bound.

C. Confirm account email

  1. Open the confirmation link from email.
  2. Select Confirm email on the confirmation page.

If validation fails, request a fresh confirmation email.

D. Accept organization invitation

  1. Open the invitation acceptance link.
  2. Review the organization invitation details.
  3. Set a password and optional display name.
  4. Submit the invitation acceptance form.

Rules:

  • Password must be at least 8 characters.
  • Password and confirmation must match.

Expected result and verification checks

  • Login grants access to authenticated pages.
  • Reset flow allows login with the new password.
  • Confirm flow marks email as confirmed.
  • Invitation acceptance creates account access in the target organization.

Common issues and fixes

  • Missing token error: use the latest link from email.
  • OAuth button missing: provider is not configured in this environment.
  • Invitation rejected: token may be expired/revoked; ask org admin to resend.
  • Login denied after account changes: clear stale cookies and retry.

Related guides

← Back to documentation