Skip to main content

Initialize the Super Admin Account

Role: Super Admin 🛡️

This is the very first step of the project lifecycle — it must run before any Phase 1 action. The database migration seeds a Super Admin account into the system; your job is to set the password for this account yourself through the Forgot password flow before signing in for the first time and continuing to onboard the team.

Prerequisites

  • The backend has been deployed and connected to PostgreSQL; the SMTP (mail service) configuration is working so the system can send reset password emails.
  • The backend-api/.env file has the SUPERADMIN_EMAIL variable pointing to the official email address of the Super Admin (e.g. ai-powerdesk@smartosc.com). The seeder uses this value to create the account, and it is also the address that will receive the reset password email in the steps below.
  • The BASE_URL_FE variable in .env points to the correct frontend domain — the backend injects this value into the reset password link in the email sent to the Super Admin.
  • The database migration + seed ran successfully (details in the Database Migration Guide). When the backend-api container starts up in the staging/production environment, the migration:runseedstart steps run in order automatically, and the seeder will pre-create a superadmin user bound to SUPERADMIN_EMAIL.
Pre-created account

Once seeding is complete, the system has a user with username = superadmin, email = SUPERADMIN_EMAIL, role SUPER_ADMIN, and the isAdmin = true flag — but the password is hashed from a random string that nobody knows. This is why you must go through the Forgot password flow to set your own password.

How-to

Step 1 — Set the initial password via the Forgot password flow

Instead of using a system-generated password, the Super Admin sets their own password using the Forgot password feature:

  1. Open a browser and go to the AIPD sign-in page.
  2. On the login screen, click the "Forgot password?" link (right below the password field).
  3. In the Forgot password form, enter the email that matches the SUPERADMIN_EMAIL value configured in .env. Click "Send" (or "Submit") to submit the request.
  4. The system shows a confirmation that the email has been sent. Open the inbox of that address and find the "Reset Password" email sent by AIPD (if you don't see it, check the Spam/Junk folder).
  5. Click the "Reset Password" button/link in the email. The link has the form ${BASE_URL_FE}/reset-password?token=..., is single-use, and has a short expiration — set the password right away.
  6. On the reset page, enter a new password and confirm the password (pick a strong password — see the recommendation below). Click "Confirm" to save.
  7. Go back to /admin/ and sign in with:
    • Username / Email: superadmin or SUPERADMIN_EMAIL.
    • Password: the password you just set in step 6.

If sign-in succeeds, you will be taken to the Admin dashboard — the Super Admin account is ready.

Password rules

Pick a strong password (at least 12 characters, mixing upper/lower case letters, numbers, and special characters). This account has isAdmin = true, so it holds full system privileges — including creating/deleting users, managing permissions, and managing projects.

Not receiving the email?
  • Check the backend SMTP configuration (host, port, credentials, sender) and the backend-api logs to see whether sendResetPasswordEmail is throwing errors.
  • Make sure the email you entered matches SUPERADMIN_EMAIL exactly — if you enter a different email, the system still returns a success response (to avoid leaking user information) but no email is actually sent.
  • Check BASE_URL_FE — if it is wrong, the link in the email will point to a non-existent domain.
  • Check the Spam/Junk folder and whitelist the sender domain if needed.

Step 2 — (Optional) Update profile information

After signing in successfully, open Users (in the System Management group) in the sidebar, find the superadmin row, and click the pencil icon ✏️ to update additional fields:

  • Full Name — the full display name of the person who owns the Super Admin account.
  • Title, Division, Center — internal organizational information.
  • Language — the default UI language (en / vi / jp).

These fields are optional but help the audit log and the History screens display clearer information in later phases.

Next step

After the Super Admin has set a password and signed in successfully, move on to Phase 1 — Create platform users to create accounts for the remaining platform members.