Skip to Content
Getting Started

Getting Started: Access, Onboarding & Public Pages

Onboarding (First-Time Setup)

The onboarding wizard runs once for the organization owner immediately after the first sign-in. It collects everything needed to make the CRM ready on day one. Progress is saved after each step, so the wizard can be resumed if interrupted. If onboarding has already been completed, the app redirects directly to the admin dashboard.

Step 1 — Account Type

What it is. The owner chooses between two operation types: Business (1–5 employees, suited for independent dealers and solo operations) or Corporation (5–25 employees, suited for structured teams with multiple roles). The selection can be changed later in Settings.

What you can do here. Select one account type to continue. The choice tailors default capabilities and seat expectations throughout the CRM.

Who can access. Organization owner only, on first sign-in.

Step 2 — Organization

What it is. Core identity for the workspace: the display name, company logo, brand color, invoice number prefix, default currency, and timezone.

What you can do here.

  • Enter the organization name (required to advance).
  • Upload a company logo (JPEG, PNG, or WebP up to 5 MB) by drag-and-drop or file picker. The logo is used on invoices and documents.
  • Pick a brand accent color used across documents and the CRM.
  • Set an invoice prefix (up to 6 characters) that prefixes all invoice numbers.
  • Choose the default currency (USD, EUR, GBP, CHF, SGD, AED, HKD, CAD, AUD, JPY) and the organization’s timezone.

Who can access. Organization owner only.

Step 3 — Business Details

What it is. Legal and operational details that power invoices, compliance records, and banking.

What you can do here.

  • Enter the registered legal business name, business phone, and website.
  • Provide a full mailing address (street, city, state, postal code, country).
  • Set an annual sales target in the chosen currency (the wizard shows the monthly equivalent).
  • Optionally expand the “Invoice essentials” panel to add: tax ID / EIN / VAT registration, default tax rate (%), standard payment terms (e.g. “Net 30”), and wire/bank transfer details (bank name, account name, account number, ABA routing number, SWIFT/BIC, and bank address). Wire details print on invoices once both bank name and account number are saved. US routing numbers must be exactly 9 digits; SWIFT/BIC must be 8 or 11 characters.

Who can access. Organization owner only.

Step 4 — Ownership

What it is. The equity split among founders and partners. Recording this here makes the Capital view in the CRM ready on day one without manual data entry later.

What you can do here.

  • Add one or more named equity partners with their ownership percentage.
  • The total must not exceed 100% (partial or reserved equity below 100% is allowed).
  • Set org-level commission defaults: a default seller commission percentage (0–50%) and the company-vs-investor profit split (the percentage the company retains, with the remainder going to investors).

Who can access. Organization owner only. These defaults are stored for reference and do not retroactively affect any existing sales.

Step 5 — Team & Network

What it is. Provisioning of staff logins and registration of the investor and broker network.

What you can do here.

  • Add team members (managers and staff) by name, email, and role. Each valid entry creates a real sign-in account with a temporary password. Temporary passwords are shown exactly once — the owner must copy and distribute them before advancing. The wizard blocks the Continue action until the owner confirms the passwords are copied.
  • If a seat cap for the plan is reached, skipped members are listed with a reason.
  • Register external investors: display name, email, phone, profit-split percentage, and committed capital (stored as intent; actual balances require a separate deposit step).
  • Register external brokers: name, email, phone, and default commission percentage.

Who can access. Organization owner only.

Step 6 — Import

What it is. Bulk import of existing inventory and contacts from CSV files.

What you can do here.

  • Download a template CSV for inventory (columns: brand, model, reference_number, condition, purchase_price, asking_price, status) or contacts (columns: full_name, email, phone, company, type, notes).
  • Upload a completed CSV. The import reports how many rows were imported, how many were skipped, and any per-row errors.
  • This step is optional and can be skipped; data can be added manually after onboarding.

Who can access. Organization owner only.

Step 7 — Wallets & Inbox

What it is. Optional activation of crypto wallet capabilities and selection of the messaging inbox.

What you can do here.

  • Enable USDC/USDT crypto wallets via Orb Wallet. When activated, the wizard checks whether the Terms of Service need to be accepted first. If so, a link is provided to accept them before retrying. In development/staging mode (mock mode), a banner makes clear that real funds are not involved.
  • Indicate the messaging inbox choice (WhatsApp or other) — this choice is recorded for provisioning.

Who can access. Organization owner only.

Step 8 — Review

What it is. A read-only summary of all data collected across the previous steps. Every section shows an Edit link to jump back to that step and change anything before finalizing.

Who can access. Organization owner only.

Step 9 — Done

What it is. The final step. Onboarding is marked complete, sensible defaults are seeded in the background (default chat folders, inbox tags, quick-reply templates, WhatsApp message templates, business hours, an AI copilot knowledge base, and plan limits), and the owner is sent to the admin dashboard. Once marked complete, the wizard cannot be re-entered — returning to /onboarding redirects to the dashboard.

Who can access. Organization owner only.

Signing In & Account Security

Login

What it is. The main entry point for all authenticated users.

What you can do here. Sign in to reach your workspace. In production, sign-in is handled by Orb Ledger’s hosted authentication (WorkOS AuthKit) — you enter your credentials on the secure hosted sign-in screen and are returned to the app. A built-in email-and-password form (with a Google sign-in option) also exists and is used in local and legacy deployments. First-time visitors without an account can navigate to registration from this page.

Who can access. Anyone with an active Orb Ledger account (owner, manager, staff, viewer, broker, investor). The seller role’s portal is disabled for launch, so seller logins are blocked.

Registration (Sign Up)

What it is. New account creation.

What you can do here. Enter a name, email, and password (minimum 8 characters), or sign up via Google. After submitting, a confirmation email is sent and you are directed to the Confirm Email page. Note: Self-serve sign-up can be disabled by the platform (controlled by a feature flag). When disabled, the registration page explains that access must be requested from an administrator.

Who can access. Anyone who has not yet created an account. Invited team members do not need to register here — they use the Accept Invite flow instead.

Email Confirmation

What it is. The email verification gate that activates a newly registered account.

What you can do here. Open the confirmation link sent to your email address to activate the account. The page provides a link to resend the confirmation email if it did not arrive.

Who can access. Newly registered users before their email is confirmed.

Accept Invite

What it is. The onboarding flow for team members added by an admin or through the onboarding wizard.

What you can do here.

  • If you arrived via a Supabase email invite link (the link in the invitation email), the page automatically detects your session tokens and either prompts you to set a password or confirms your identity.
  • If you arrived via a manually shared invite link (no session tokens in the URL), you are asked to enter your email and choose a password (minimum 8 characters, confirmed), or sign in with Google. Google sign-in verifies that the Google account’s email matches the invited address.
  • The page validates the invite token on load and shows whether the invitation is valid or has expired.

Who can access. Users who have received an invite link from an organization owner or admin.

Accept Terms (Investor Agreement)

What it is. A mandatory agreement gate for investor-role accounts before they can access the investor dashboard.

What you can do here. Read the investor agreement (covering risk disclosure, investment discretion, and withdrawal terms) and check the acceptance box to proceed. Accepting records the agreement version and redirects to the investor dashboard. This page is encountered only once per account.

Who can access. Investor-role users who have not yet accepted the current agreement version.

Two-Factor Authentication (2FA)

What it is. A TOTP-based (Time-based One-Time Password) second factor that can be required at login or set up voluntarily.

What you can do here.

  • Login challenge (verify mode): If 2FA is enabled on your account, you are redirected here after password sign-in. Enter the 6-digit code from your authenticator app (or paste it) to complete sign-in. An invalid code clears the inputs and lets you retry.
  • Setup mode: Scan the QR code displayed with an authenticator app such as Google Authenticator, Authy, or any TOTP-compatible app, then enter the 6-digit code to confirm enrollment. On success, 2FA is enabled and you are returned to Settings.

Who can access. All authenticated users. Setup is available through account settings. The verify challenge appears automatically at login for accounts with 2FA enabled.

Login PIN

What it is. A 6-digit PIN sent to a phone number as an alternative verification step. This page is scaffolded but the underlying send-again functionality is not yet active.

Who can access. Users directed here by a PIN-based flow (not currently in production use).

Password Recovery

What it is. The self-service password reset flow for users who cannot sign in.

What you can do here. Enter the email address associated with your account. A secure reset link is sent by email.

Who can access. Anyone with a registered account.

Create Password

What it is. The page where a reset link lands, allowing you to set a new password.

What you can do here. Enter and confirm a new password of at least 8 characters.

Who can access. Users who have clicked a valid password-reset link from their email.

Lock Screen

What it is. A session-lock interstitial that protects an already-authenticated workspace. The user’s name is displayed on the lock screen.

What you can do here. Enter your password to unlock and resume your session. If you need to switch accounts, a link is provided to sign in as a different user.

Who can access. Any authenticated user whose session has been locked (e.g. after inactivity or manual lock).

Account Deactivation

What it is. A temporary self-suspension of an account. Deactivation hides the profile without deleting data.

What you can do here. Confirm deactivation. The account is hidden until the user logs back in, at which point it is automatically reactivated.

Who can access. Authenticated users who want to temporarily suspend their own account.

Logout

What it is. The signed-out confirmation screen. On load, the page records the session end in the audit trail, then clears your authenticated session. The user’s data is untouched.

What you can do here. Sign back in via the button on the page.

Who can access. All users who have just signed out.

Role Disabled

What it is. An access-blocked screen shown when an account has a role that is not enabled in the current environment.

What you see here. A message explaining the restriction and instructions to contact the tenant owner. A sign-out button is provided to clear the session.

Who can access. Users whose assigned role has been disabled by the platform.

Suspended

What it is. An access-blocked screen shown when an account has been suspended by an administrator.

What you see here. A message confirming the suspension and a prompt to contact support if it is believed to be an error. A link back to the login page is provided.

Who can access. Users whose account has been suspended by an owner or admin.

Public & Dealer-Facing Pages

Company Storefront (/[company])

What it is. A public, no-login inventory page for a specific dealer organization, accessible via the organization’s URL slug (e.g. /benchmark-watches). Only watches explicitly marked public and with a status of active, in-stock, or available are shown — sold and archived watches are excluded.

What you can do here. Browse the dealer’s publicly listed inventory, including brand, model, reference number, year, condition, and asking price (or “Price on request” when not listed). A link to the wholesale-access page is shown in the header.

Who can access. Anyone, no account required. The organization must be active and not deleted.

Wholesale Access (/[company]/wholesale)

What it is. A passcode-protected version of the dealer’s inventory page, intended for trade buyers. If the organization has not set a wholesale passcode in their settings, the page returns a 404.

What you can do here. Enter the passcode shared by the dealer to unlock full inventory including box/papers status. A successful passcode is remembered for the browser session so you do not need to re-enter it on the same visit.

Who can access. Anyone with the wholesale passcode provided by the dealer. No account required.

Individual Dealer Public Page (/public/[slug])

What it is. A personal public-facing inventory page for an individual dealer user (rather than the organization as a whole). The page is driven by per-profile public settings: the dealer can set a page title, bio, location, specialties, logo, and contact channels (WhatsApp, Instagram, email, phone). The page is only live when the profile owner has explicitly enabled it.

What you can do here. View the dealer’s biography and contact information. Browse their actively listed public watches with photos, condition, box/papers status, year, and asking price. Contact the dealer via the channels they have made available.

Who can access. Anyone, no account required. Returns 404 if the dealer has not enabled their public page.

What it is. A tokenized single-watch detail page used by dealers to share an individual listing with a prospective buyer outside the CRM.

What you can do here. View detailed information about one specific watch: brand, model, reference number, condition, box/papers status, year, estimated market value (if provided), asking price, photos, and an AI-generated summary. The page is public but unguessable — access requires the exact token.

Who can access. Anyone who holds the share link generated by the dealer. No account required. Returns an error if the token is expired or invalid.

Hosted Crypto Checkout (/pay/[token])

What it is. A standalone, mobile-first payment request page used by dealers to collect USDC or USDT from buyers, without requiring the buyer to have an Orb Ledger account. The page is not indexed by search engines.

What you can do here.

  • View the amount due, the dealer’s name and logo, and a reference number.
  • Choose a payment chain (Polygon, Ethereum, Base, or Tron) and see the deposit address with a QR code for scanning.
  • Copy the deposit address with a single tap.
  • Monitor a live countdown to the payment expiry.
  • Once payment is detected on-chain, the page automatically transitions to a branded receipt that can be saved or printed.

Who can access. Anyone who holds the payment link. No account required. The token is the credential; the page returns an error if the token is expired, cancelled, or already paid.

Pricing Page (/pricing)

What it is. A public marketing page listing the three subscription plans available on Orb Ledger.

What you see here. Three tiers — Starter ($79/mo, up to 100 watches and 2 team members), Growth ($179/mo, up to 500 watches and 10 team members), and Scale ($349/mo, unlimited watches and team members). Each plan lists its included features. All call-to-action buttons lead to the registration page.

Who can access. Anyone. No account required.

Coming Soon (/coming-soon)

What it is. A placeholder page displayed when a feature or section is not yet available. Shows a countdown timer and a notify-me form.

Who can access. Anyone.

Maintenance (/maintenance)

What it is. A scheduled-downtime screen shown when the platform is undergoing maintenance. Provides a “Try again” button that attempts to return the user to their role’s normal landing page.

Who can access. Anyone attempting to access the platform during a maintenance window.

IntroductionCore Concepts