Skip to main content

Security

Web vs mobile: Mobile supports personal MFA, passkeys, session management, and read-only login/passkey audit logs. Org-wide MFA enforcement and SSO configuration remain on PanelOne web.

Navigation: More → SettingsSecurity, Sessions

PanelOne Mobile shares the same Supabase auth stack as web — MFA, passkeys, and sessions apply across both platforms.

Overview

Security features on mobile cover:

AreaMobileWeb-only
MFA enrollmentYes
Passkey registration & sign-inYes
Active sessionsView and revoke
Login historyRead-only
Passkey audit logRead-only
Org MFA policy toggleView onlyEnforce for all members
SSO configurationView/link to webFull config

Multi-Factor Authentication (MFA)

Mandatory Enrollment

If your organization requires MFA and you haven't enrolled:

  1. After sign-in, the app shows Mandatory MFA Enrollment.
  2. Scan the QR code with your authenticator app (Google Authenticator, Authy, etc.).
  3. Enter the verification code to complete enrollment.
  4. Save recovery codes in a secure location.

You cannot access the main app shell until enrollment completes.

Managing MFA

Navigation: More → Settings → Security

ActionSteps
View MFA statusOpen Security settings
Enable MFAFollow enrollment flow if not yet enabled
Recovery codesView or regenerate (same as web)

Org policy: Admins enforce "Require MFA for all team members" on web. Mobile respects the policy but cannot change it.

Passkeys

Passkeys provide passwordless sign-in using Face ID, Touch ID, or device passcode.

Sign In with Passkey

  1. On the sign-in screen, tap Sign in with passkey.
  2. Authenticate with biometrics or device passcode.
  3. WebAuthn completes against the same RP ID as PanelOne web (app.panelone.dev).

Register a Passkey

Navigation: More → Settings → Security

  1. Tap Add passkey.
  2. Follow the system passkey registration prompt.
  3. The passkey is stored in iCloud Keychain (or your configured provider).

Passkeys registered on mobile work on web and vice versa, subject to platform support.

Passkey Audit Log

Navigation: More → Settings → Security → Passkey audit section

Read-only log of passkey registration and authentication events — useful for security reviews.

Sessions

Navigation: More → Settings → Sessions

View and manage active sessions across devices:

ElementDescription
Current sessionHighlighted — this device
Other sessionsBrowsers and devices with active tokens
RevokeEnd sessions you don't recognize
Session detailsDevice type, last active, IP (when available)

Revoking another device's session signs it out immediately on next request.

Session Timeout

Organization session timeout policy is configured on web. Mobile sessions respect the same timeout rules — you may see re-authentication prompts after idle periods.

Login History

Navigation: More → Settings → Security → Login history section

Read-only list of recent sign-in events:

  • Timestamp
  • Success or failure
  • Method (password, passkey, MFA)
  • IP address and device hints (when logged)

Use login history to audit account access after lost devices or credential concerns.

Sign-Out Data Purge

Signing out clears:

  • Keychain session tokens
  • Offline read cache
  • Active and dead-letter write queues

This ensures no operational data persists on a shared or lost device after sign-out.

Security Console (SentinelOne)

For SentinelOne-specific security operations beyond personal account security:

Navigation: More → Security & threats → SentinelOne sub-console

Includes mobile S1 hub sections for threat browse and vendor-specific actions. Full vendor admin remains on web.

Tips & Best Practices

  • Enroll MFA before field use — Mandatory enrollment blocks app access until complete.
  • Register a passkey — Fastest sign-in during on-call rotations.
  • Review sessions monthly — Revoke stale browser sessions.
  • Check login history after travel — Confirm no unexpected sign-ins.
  • Configure org MFA on web — Admins should enforce team-wide MFA from Settings.