Sign in
Sign in with your account
No account yet?
You can request access โ your administrator will review your request and email you. Alternatively, if a Supervisor or Admin has sent you an invitation email, follow the activation link in that email to set your initial password and accept the internal-use notice.
Access controls in force
- Account-based authentication โ email plus a password verified against a salted scrypt hash; sessions are delivered as a signed, HTTP-only, SameSite=Lax cookie.
- Rate limiting on login and password-reset routes to slow brute-force attempts.
- CSRF protection on every state-changing form (HMAC-bound double-submit cookie).
- Defensive HTTP headers (CSP, X-Frame DENY, nosniff, Referrer-Policy, Permissions-Policy, COOP/CORP) plus Cache-Control on sensitive paths.
- Disabled accounts cannot sign in; existing sessions are revoked on the next request.
- Audit trail records every authentication event.