User Profile

Per-user self-service: change your password, manage two-factor authentication, review your active sessions, see your linked external accounts, and pick personal preferences for theme, timezone, refresh interval, and dashboard query granularity.

The Profile page is the only place where you can edit settings that belong to you, the signed-in operator. Administrator-level controls (creating other users, password policy, role assignments) live on the User Management (chapter 27) page. Anything system-wide (LLM endpoint, automation rules, license) lives elsewhere.

Page Layout

The profile is a single scrollable page laid out as a grid of cards.

+-----------------------------------------------------------+
| My Profile                                                |
+-----------------------------------------------------------+
| [ Preferences (large)            ][ Change Password ]     |
| [ Account Information            ][ Active Sessions ]     |
| [ Two-Factor Authentication (full width)             ]    |
| [ Linked Accounts                (full width)        ]    |
+-----------------------------------------------------------+

The Change Password card and the Two-Factor Authentication card only appear for users that signed in with a local username and password. Users signed in via an external OAuth provider see neither — those credentials belong to the provider, not to this appliance.

Preferences

The big card on the top-left collects all of your personal display and refresh defaults. Changes are not committed until you press Save.

A Save button appears at the top-right of the Preferences card the moment you make any change. Once pressed, the new values apply across the GUI immediately and persist across logins.

Theme

Two options: Dark (the default) and Light.

Color Palette

Two options: Classic Blue (default) and Sky / Cyan (Brand). The selector shows a small five-swatch preview of the active palette so you can see what is changing before you save.

Auto Refresh

A toggle that controls whether live widgets re-fetch data on a schedule. When off, widgets only refresh when you reload the page or hit a manual refresh button.

Refresh Interval

Only visible when Auto Refresh is on. Choices: 10 seconds, 30 seconds, 1 minute, 2 minutes, 5 minutes. This is the system-wide default; an individual dashboard’s refresh control on the Dashboard (chapter 07) page can override it for that dashboard.

Session Timeout

Read-only. The value comes from the administrator’s password and session policy; it tells you how long an idle session stays signed in. To change it, ask an administrator.

Date & Time Display

Three sub-controls grouped on the right side of the card:

Timezone — picks the timezone the GUI uses for every visible timestamp. UTC is the default. The appliance always stores timestamps in UTC under the hood; this setting controls display only.
Date Format — ISO (2026-05-19), US (05/19/2026), or European (19/05/2026).
Time Format — 24-hour or 12-hour AM/PM.

Tip. If you ever doubt what a screenshot is showing, set your profile to UTC and ISO date format. It is the safest universal display for incident notes and bug reports.

Dashboard Query Step Intervals

A four-cell grid at the bottom of the Preferences card. Each cell maps a time-range bucket (last hour, last day, last week, last 30 days) to a query step (for example “1 minute”, “1 hour”, “1 day”). Larger steps fetch fewer points and render faster but lose resolution; smaller steps show more detail but slow down for wide ranges.

A Reset link at the top-right of the grid puts every cell back to its built-in default. Use this if you have tweaked the values and want a clean slate.

Tip. Most operators never need to touch these. Defaults are good for a typical fleet. Bump the step up only if dashboards feel sluggish on wide time ranges.

Change Password

A small card on the top-right that lets you change your own password.

You must enter your current password to authorise the change. The new password is validated live against the policy set by the administrator (minimum length, required character classes); the helper text under the New Password input shows the active minimum.

Passwords are case-sensitive. After a successful change, you stay signed in on this session — other active sessions you have on other devices keep their old session token until they expire or you terminate them from the Active Sessions card.

The card is hidden for OAuth users. Their password is managed by the external provider, not by the appliance.

For the system-wide password policy and how administrators set it, see Authentication (chapter 29).

Account Information

A read-only card that summarises who you are signed in as.

Field	Description
Username (local auth)	The account name you log in with.
Full Name (OAuth)	Display name from your linked external account, shown instead of Username when present.
Email	The address on file for password reset and notifications.
Role	A coloured pill: `admin` (red), `operator` (brand colour), or `viewer` (grey).
Account Created	When the account was provisioned.
Last Login	Relative time since your most recent successful sign-in (“3 hours ago”).

Email is not currently editable from the profile page — ask an administrator if you need to change it. Role changes are also administrator-only and happen on User Management (chapter 27).

Active Sessions

A list of the browser sessions currently signed in as you, with the ability to terminate any session that is not the current one.

Each entry shows the browser/user-agent summary, the IP address the session was last seen from, and a Current badge on the session you are reading the page from. A logout icon next to non-current sessions opens a confirmation dialog and terminates that session on confirm.

This is the right place to look if you suspect your account has been used somewhere unexpected — kick the other session and change your password immediately.

A refresh icon at the top-right of the card re-fetches the list so you can confirm a termination took effect.

For the system-wide session log and audit trail (every login, every action, by every user), see Sessions and Audit (chapter 30).

Two-Factor Authentication

A full-width card that displays your MFA state and gives you the buttons to enable, disable, or rotate it.

When MFA Is Not Enabled

The card shows a yellow shield icon and a “MFA Not Enabled” message, with a prominent Enable Two-Factor Authentication button. Pressing it opens a modal that:

Generates a TOTP secret for your account.
Displays a QR code you scan with an authenticator app (Google Authenticator, 1Password, Bitwarden, FreeOTP, and similar all work).
Asks for a six-digit code from the app to confirm setup.
Shows you ten one-time backup codes. Copy or print them — they cannot be displayed again.

After enabling MFA, every subsequent login asks for a TOTP code from your authenticator app (or a backup code if you have lost the app).

When MFA Is Enabled

The card shows a green shield icon, the text “MFA Enabled”, and a backup-codes counter (“Backup codes remaining: 7 / 10”). The counter turns yellow when three or fewer backup codes are left.

Two buttons appear:

Regenerate Codes — invalidates the current backup codes and issues a fresh ten. Use this after you have used a few and want a fresh set, or if you suspect the printout has been seen.
Disable MFA — opens a confirmation modal that requires your current password to authorise the change.

The card is hidden for OAuth users — MFA on those accounts is enforced by the external provider, not by the appliance.

Warning. Print or store the backup codes somewhere safe before closing the setup modal. If you lose both your authenticator app and the backup codes, only an administrator can reset your MFA via the User Management (chapter 27) page.

Linked Accounts

A full-width card listing the external OAuth accounts linked to this user.

If no external account is linked, the card shows a placeholder (“No external accounts linked”) and a note that OAuth providers can be configured by an administrator.

If one or more providers are linked, each appears as a small card showing the provider name, the email or display name from the provider, and a green check mark.

You cannot unlink providers from this page in the current release. To unlink, ask an administrator; for the broader authentication topic — including which providers can be enabled and how — see Authentication (chapter 29).

Saving Changes

Most edits on this page are committed by a Save button next to the section that owns them.

Preferences — Save button at the top of the Preferences card.
Change Password — Save button at the bottom of the password form.
MFA — handled inside the MFA modals; there is no profile-wide Save.
Sessions — actions take effect on click (with a confirmation step).
Linked Accounts — read-only.

If you leave the page with unsaved Preferences, the change is discarded. Other cards commit immediately on their own buttons.

Notifications Reminder

The Profile page does not configure notification routing — that lives on its own page.

If you came here looking for “where do my alerts go?”, open the Notifications page instead. Routing rules and delivery channels (bell-icon in-app, external delivery via the Vector pipeline) are managed there.

Tip. Notification rules apply to everyone signed in to the appliance, not to individual users. There is no per-user “subscribe / unsubscribe to alerts” in the current release.

Authentication (chapter 29) — password policy, OAuth providers, and session timeout (administrator-side).
User Management (chapter 27) — admin-only user lifecycle (create, deactivate, role change, MFA reset).
Notifications — system-wide notification routing rules and delivery channels.
Sessions and Audit (chapter 30) — full session log and audit trail for every user.