Executive Summary
The Authentication & User Management module provides enterprise-grade identity services across the Partner Shipping ecosystem: secure registration with email verification, encrypted session management, optional two-factor authentication, role-based access control, business account activation with team invitations, and cross-portal single sign-on.
Business value delivered: Trusted digital relationships, controlled administrative access, reduced account-related support, and seamless cross-module user experience.
The Customer Problem
Identity and access challenges in B2B logistics platforms create both security risk and experience friction:
| Challenge | Business Impact |
|---|---|
| Weak or shared credentials | Unauthorised access to commercial transactions and shipment data |
| No role separation | Admin capabilities exposed to standard users, or claim handlers granted excessive platform access |
| Disconnected portal logins | Customers re-authenticate when moving from booking management to claims filing |
| Manual account provisioning | Business customers wait for operations to create team accounts |
| No verification on registration | Invalid or fraudulent accounts enter the system undetected |
| Session interruption during long workflows | Multi-step booking or claim submissions lost when sessions expire unexpectedly |
| No admin tooling | Platform administrators lack self-service user management capabilities |
For a carrier handling commercially sensitive shipment data and regulatory documents, identity is both a security imperative and a customer experience foundation.
The Solution
Authentication & User Management operates as a platform-wide identity layer serving all Partner Shipping applications:
User Journey
Registration and First Login
| Stage | User Action | Platform Response |
|---|---|---|
| 1 | Submit registration form with company and contact details | Create account; send verification email |
| 2 | Verify email via OTP or verification link | Activate account; enable login |
| 3 | Login with credentials | Issue encrypted session; redirect to dashboard |
| 4 | (Optional) Complete two-factor verification | Additional security layer for sensitive accounts |
Business Account and Team Management
| Stage | User Action | Platform Response |
|---|---|---|
| 1 | Business account holder initiates activation | Validate company credentials |
| 2 | Send team invitations via email link | Create pending invitations with company code |
| 3 | Invited user registers via invitation link | Associate user with business account |
| 4 | Admin assigns roles to team members | Apply role-based permissions |
Cross-Portal Access
| Stage | User Action | Platform Response |
|---|---|---|
| 1 | Authenticated user navigates to Claims Portal | Generate cross-portal authentication token |
| 2 | Claims Portal validates token | Establish session without re-login |
| 3 | User accesses claims workflow | Full claims capabilities under existing identity |
Key Capabilities
Secure Registration with Email Verification
Account creation requires valid email verification before activation — preventing fraudulent or mistyped registrations from entering the system.
Encrypted Session Management
Authentication tokens issued with industry-standard encryption, stored in secure HTTP-only cookies. Automatic token renewal during extended sessions prevents workflow interruption.
Two-Factor Authentication
Optional additional verification step for login — supporting security-conscious enterprise customers and regulatory expectations.
Role-Based Access Control
| Role | Access Scope |
|---|---|
| Standard user | Quotes, bookings, dashboard, address book, account settings |
| Platform administrator | User management, authorisation, admin deactivation |
| Claim administrator | Claims review dashboard, settlement, enterprise handoff, claim admin management |
| Compliance administrator | Sanctions and regulatory workflows |
Route and API Protection
Authenticated routes guarded at application level. API endpoints enforce required authentication and role validation independently of client-side checks.
Business Account Activation
Company-level registration with team invitation workflows. Business account holders invite colleagues via secure email links with company codes.
User Profile and Account Management
Self-service profile updates, password changes, email verification for contact changes, and address book management.
Admin User Management
Platform administrators manage user authorisation, role assignments, account deactivation, and admin privilege grants through dedicated admin interfaces.
Cross-Portal Single Sign-On
Authenticated sessions on the Customer Portal transfer seamlessly to the Claims Portal via secure token validation — one identity across the ecosystem.
Password Recovery
Secure reset link workflow with token expiration — enabling self-service recovery without support intervention.
Account Deactivation and Reactivation
Administrative deactivation with reactivation request workflow — supporting account lifecycle governance.
Functional Workflow
System Interactions
| Layer | Role |
|---|---|
| Customer Portal | Login/signup modals, route guards, admin interfaces, profile management, invitation flows |
| Claims Portal | Authentication modals, cross-portal token validation, claim admin role enforcement |
| Integration Platform | Credential verification, token issuance and renewal, role validation, invitation management, audit logging |
| External Services | Email delivery for verification, password reset, and invitation notifications |
Business Outcomes
| Outcome | Impact |
|---|---|
| Faster processing | Self-service registration and password recovery reduce account-related support tickets |
| Reduced manual effort | Business invitation workflows eliminate manual account provisioning by operations |
| Better customer experience | Seamless cross-portal SSO and session renewal prevent workflow interruption |
| Improved visibility | Admin dashboards provide account lifecycle visibility for platform governance |
| Security assurance | Role-based access and 2FA meet enterprise customer security expectations |
| Audit compliance | Login activity and role changes logged for security review |
Technical Highlights
- Industry-standard encrypted token authentication with secure cookie storage
- Dual-tier access model: optional authentication for public routes, required authentication for user routes
- Automatic session renewal preventing workflow interruption during multi-step processes
- Role middleware enforcing access at API level independent of client-side guards
- Cross-domain authentication bridge between Customer Portal and Claims Portal
- Bot protection on registration and login forms
- Blocked domain list preventing registration from disallowed email domains
Conclusion
Authentication & User Management is the trust foundation of the Partner Shipping platform. Without reliable identity services, no booking, claim, or compliance workflow can operate with confidence. By delivering enterprise-grade security with consumer-grade usability — including cross-portal SSO and business team management — Container Shipping establishes the digital trust required for shippers to conduct commercial transactions online.