Secured operator access

Enter the LionSilica command basin.

Secure owner access is bound to the configured operator identity. When a signed owner session is already active, the basin opens directly. If authenticator hardening is enrolled, the flow steps forward cleanly without losing the route target.

Secure entry posture
Owner binding: Canonical owner email and owner user id are enforced server-side.
Operator session: Cookies are signed with the secure session secret. The owner session is required for every admin route.
Authenticator hardening: MFA enrollment continues when persistent admin storage is active. If the deployment is running in single-owner env mode, the owner session opens directly without a broken extra step.
Target surface: /admin/command-center
Owner session
Access route: Use the canonical owner email. When persistent admin records are active, this flow continues through password and MFA. When the deployment is running in env-backed owner mode, the command basin opens directly.
