Manage profile identity, email verification, MFA, sessions, linked identities, workspace memberships, and destructive account actions from the account surface.
This guide maps the signed-in account experience so users can update profile settings, secure the session model, and move cleanly between personal identity and workspace access tasks.
These are the product surfaces that currently define the account and workspace-management experience.
Identity hero, onboarding summary, profile editing, saved items, recent activity, and the main section navigation.
Sign in, sign up, and email-verification routes gate the first session and the verified-account lifecycle.
Password state, MFA setup and disable flows, backup codes, sessions, and trusted-device review live under the security section.
Review memberships, primary workspace labeling, and invite-token joins from the account workspace section.
Link or unlink Google, NAVER, and Kakao identities that feed the sign-in surface.
Audit recent actions, load more activity rows, sign out all sessions, or deactivate the account.
Follow this sequence so identity and workspace changes remain coherent across sign-in, verification, and downstream product access.
Update username, display name, avatar URL, locale, and timezone before you treat saved items or workspace activity as durable context.
Resend the verification email if needed so recovery flows, invite acceptance, and account trust signals stay available.
Review Google, NAVER, or Kakao bindings before you rotate passwords, tighten MFA, or expect teammates to use the same identity path.
These are the concrete controls users will touch most often when they secure the account surface.
The security card changes shape based on whether the account already has a password, so first-time password creation and normal rotation are documented as separate states.
The MFA panel is the operational center for enrollment, backup-code regeneration, disable actions, and the visible method or trusted-device counters.
Recent sessions show user-agent, IP, relative last-seen time, expiry, a current-session lock, and the option to revoke one row or all other sessions.
Trusted devices surface last-seen and expiry timestamps per device, then allow targeted revocation without disabling MFA entirely.
These controls define how personal identity and workspace reachability meet on the account page.
Membership rows expose workspace_id, role, join date, and a primary-workspace chip so the user can confirm the exact workspace context before moving elsewhere.
The join panel accepts a raw invite token, executes the membership join, and immediately changes what signed-in routes and roles are reachable.
Google, NAVER, and Kakao rows expose provider email, linked timestamp, and connect or unlink actions so sign-in policy stays aligned with the account's preferred identity path.
Review session, token, workspace-header, and role boundaries that sit underneath the account surface.
Go deeper on TOTP enrollment, backup-code capture, and recovery expectations.
Continue into signed-in posture, token-security, and runtime-policy controls after account setup is stable.
Mar 24, 2026
Report unclear guidance, stale contracts, missing coverage, or broken docs UI on this page.
Open feedback issueJump to the section you need without losing your place.
Mar 24, 2026
Report unclear guidance, stale contracts, missing coverage, or broken docs UI on this page.
Open feedback issue