Admin access

Protected admin sign-in

The admin area now uses Auth.js-backed email and password sign-in. Authorized admin roles still gate access, and all admin accounts require TOTP two-factor authentication before the read-only dashboard opens.

Current access status

The development-only admin fallback is intentionally disabled outside a local non-Vercel development runtime.

Email and password admin access

Admin accounts should use password authentication plus TOTP 2FA. Compatible authenticator apps include Google Authenticator, Authy, 1Password, Bitwarden, and similar TOTP clients.

Only authorized Sanctuary Natives admin accounts can enter this area. Seeded launch admins include Nikki and Sven, and every admin session must complete TOTP 2FA before the dashboard opens.

Local development fallback

Nikki and Sven remain seeded launch admins. During local development only, SANCTUARY_ENABLE_DEV_ADMIN_FALLBACK must be set to true and SANCTUARY_DEV_ADMIN_EMAIL can still unlock read-only admin access when no real Auth.js session exists. This fallback is intentionally disabled whenever Vercel is set and should never be configured in Preview or Production.

Return to Sanctuary Natives