Security ceremony
Password + MFA
After password verification, the operator flow continues through the audited TOTP or WebAuthn ceremony.
Use password plus TOTP or WebAuthn to continue.
Return to /operator/dashboard after verification
The shell keeps the target explicit so protected operator routes never depend on hidden client redirects.
Password verification submits to the operator GraphQL API and continues through TOTP or WebAuthn when the backend returns a challenge.