#Profile Settings
| Role | Access Level |
|---|---|
| Client Admin | Review profile and manage available MFA lifecycle actions |
| Client Manager | Review profile and manage available MFA lifecycle actions |
| Client Staff | Review profile and manage available MFA lifecycle actions |
#Overview
Profile settings let you review the identity and security posture attached to your current portal session. Your display name, email address, role, MFA policy, enrolment state, challenge state, allowed factors, and recovery-code prompts are shown in the Profile section.
Display name and email address are managed identity fields. The portal does not store local-only profile values and does not offer unaudited identity changes. If either value is wrong, open Support in the signed-in portal and create an account ticket for a profile update request.
#Prerequisites
- You are signed in to the AiDial portal. See Signing In for instructions.
- Your current session belongs to an active tenant.
- If your role requires MFA and the current session is not compliant yet, you can still open Settings to complete or refresh MFA remediation.
#Reviewing Your Profile
- Select Settings from the sidebar.
- Open the Profile section. It is the default section at
/settings. - Review the profile summary:
- Display name - the name from your authenticated session, or Unavailable when the session does not provide one
- Email address - the email from your authenticated session, or Unavailable when the session does not provide one
- Portal role - your current server-resolved portal role
- Allowed factors - MFA factors currently recognised by the session, such as authenticator app or recovery code
- Security status - whether MFA is required, satisfied, pending, failed, optional, or unavailable
- Use Refresh security status after completing MFA setup or verification with the identity provider.
#Ownership Matrix
| Field or Action | Portal Behaviour | Source of Truth |
|---|---|---|
| Display name | Managed identity field. The portal shows the session value or Unavailable and directs you to open Support in the signed-in portal for a profile update request. | Identity provider or organisation-admin process |
| Email address | Managed identity field. The portal shows the session value or Unavailable and directs you to open Support in the signed-in portal for a profile update request. | Identity provider |
| Portal role | Read-only security fact. The portal does not offer broad role changes from Profile. | Server-resolved tenant assignment |
| Allowed factors | Provider-backed read-only security fact. | Current MFA policy and identity-provider state |
| MFA lifecycle actions | Self-service only when the trusted identity-provider action is available for your account state. | Identity provider and portal security policy |
| Password changes | Not a Profile form action. Use the identity-provider or administrator-supported recovery path. | Identity provider |
#MFA Actions
The Profile section shows MFA actions only when the current session and account security state make them available.
| Action | When It Appears | Behaviour |
|---|---|---|
| Open MFA setup | A trusted provider setup URL is available, or the portal can derive the standard trusted Zitadel setup URL for first-time mandatory-role remediation. | Opens the identity provider in a new tab. Complete setup there, then refresh the profile security status. |
| MFA setup unavailable / MFA management unavailable | The portal cannot verify a trusted provider action for the current state. | Refresh your security status after signing in again. If it remains unavailable, contact your administrator. |
| I stored my recovery codes | A new or re-enabled MFA recovery-code set needs acknowledgement. | Records that you stored the recovery codes. This action requires the current lifecycle marker. |
| I reviewed my recovery codes | This session used a recovery code and the portal shows a reminder. | Records that you reviewed or regenerated provider-issued recovery codes. This action requires the current lifecycle marker and does not store raw codes in the portal. |
| I generated a new recovery-code set | MFA is enrolled and a trusted provider setup URL is available. | Records that you generated a new recovery-code set with the provider. |
| Open provider MFA management to disable | The current role and account state allow MFA disable. | Opens the trusted provider management URL in a new tab after the portal records the launch. Roles with mandatory MFA do not receive this action. |
Other protected portal areas remain blocked while mandatory MFA is not compliant. Complete setup or verification with the provider, then return to Settings and refresh the security status.
If you lose access to your authenticator, use a provider-issued recovery code during sign-in. If you no longer have recovery codes, contact your organisation administrator or help@aidial.com.au. The Profile section can show reminders and trusted provider links, but it cannot bypass MFA, reveal one-time codes, or reset your authenticator directly.
#Field Reference
| Field Name | Description | Source and Behaviour |
|---|---|---|
| Display name | Name shown for the current signed-in user | Managed by the identity provider or organisation-admin process. Blank or missing values are displayed as Unavailable. Use the profile update support request if it is wrong. |
| Email address | Email shown for the current signed-in user | Identity-provider managed. Blank or missing values are displayed as Unavailable. Use the profile update support request if it is wrong. |
| Portal role | Server-resolved role for this session | Portal role is a read-only access assignment resolved server-side from the session context. Navigation visibility is not a security boundary. |
| Allowed factors | MFA factors recognised for this session | Derived from MFA state on the session, with supported labels for authenticator app and recovery code. |
| Policy | Whether MFA is required or optional for the current role/session | Derived from the session MFA snapshot. Client Admin is optional by role; any client role may still be required by an explicit tenant or user policy. |
| Enrollment | Current MFA enrolment state | Shows enrolled, not enrolled, or unknown. |
| Challenge state | Current MFA challenge state | Shows satisfied, required, failed, or unknown. |
| Lifecycle status last refreshed | Time the MFA lifecycle status was last refreshed | Displayed in your portal locale. |
#Access, Scope, and Runtime Behaviour
The browser uses your signed-in portal session. You do not need to enter or send an API key.
Profile details and MFA actions are scoped to the current signed-in user and active tenant. MFA actions may be rate-limited and require a current trusted identity-provider state. If your tenant, session, or MFA state cannot be verified, the portal blocks the action and asks you to refresh or sign in again.
#Common Issues
| Issue | Resolution |
|---|---|
| I cannot edit my display name or email address | These are managed identity fields. Open Support in the signed-in portal and create an account ticket for a profile update request, or contact your administrator if the identity provider has the wrong details. |
| I cannot find a timezone field | Profile settings do not currently include a timezone control. Other pages use their own project or browser timezone behaviour. |
| MFA setup is unavailable | Sign in again and refresh the security status. If no trusted provider action appears, use a provider-issued recovery code during sign-in where available, then contact your administrator or help@aidial.com.au if you remain locked out. |
| Other pages stay blocked after MFA setup | Return to Settings > Profile and use Refresh security status so the portal can read the latest MFA state. |
| A recovery-code prompt stays visible | Confirm that you stored or reviewed your provider-issued recovery codes, then use the matching acknowledgement action. If the lifecycle changed elsewhere, refresh the profile summary. Do not paste recovery-code values into portal support requests. |
| Profile summary will not load | Retry the profile summary. If it still fails, your session, tenant status, or MFA lifecycle state may need administrator attention. |