Skip to content
Roster Roster Roster Docs

First Login

New deployments bootstrap a default admin identity:

email: admin@roster.local
username: admin
password: admin
role: admin

The bootstrap identity must change its password before normal platform use.

Password Change Prompt

Section titled “Password Change Prompt”

After signing in with the default credentials, Roster prompts the admin to change the password before continuing normal platform use. The same prompt is shown by protected app routes when the signed-in profile still requires a password change.

The prompt includes a “Skip for now” option for the current browser session. Skipping does not remove the password-change requirement. A successful password change clears the requirement.

Password Policy

Section titled “Password Policy”

New passwords must:

  • Be at least 12 characters
  • Include a lowercase letter
  • Include an uppercase letter
  • Include a number
  • Include a symbol
  • Not start or end with whitespace
  • Not equal the default password admin
  • Differ from the current password

Better Auth also enforces a minimum password length of 12 characters on the server.

Operational Guidance

Section titled “Operational Guidance”

Change the bootstrap admin password immediately after deployment and create named admin team members for day-to-day administration. Treat the bootstrap account as a recovery account, not as a shared operational identity.