User guide

How to use XS Account

XS Account is your personal dashboard at account.xinosolutions.com. Manage profiles, security, sessions, and connected Xino products — all backed by the central XS Auth service.

Overview

XS Account is the end-user management surface for your Xino identity — similar to Google Account at myaccount.google.com. It does not replace individual product dashboards (like Bookly or Learnix). Instead, it answers: who am I, how am I signed in, and which Xino apps can use my account?

Profile

Name, email, phone, and photo shared across Xino products.

Security

Password, MFA, recovery options, and sign-in activity.

Connected apps

Launch Xino products or remove access when you are done.

Need to register an app or manage API credentials? Use console.xinosolutions.com — that is the developer console, not this account portal.

Architecture

All user credentials and session data live in the auth database owned by XS Auth. XS Account is a frontend on top of that same data — there is no separate account database.

ServiceRole
auth.xinosolutions.comLogin, signup, forgot password, MFA, token issuance. Products authenticate users here via the XS Auth SDK popup.
account.xinosolutions.comProfile, security settings, sessions, multi-account switcher, and connected apps — this application.
console.xinosolutions.comDeveloper console — register apps, client IDs, secrets, and integration settings.
Xino productsEach product has its own database and never stores passwords. After login, the product backend validates the idToken with auth and receives user profile data.

Getting started

Create an account

  1. Click or sign in through any Xino product that uses the XS Auth SDK.
  2. Complete signup or login in the auth popup on auth.xinosolutions.com.
  3. Return here to manage your profile, security, and sessions from Home.

Sign in later

Use on this site, or sign in from any connected Xino product. Your session is shared with auth.xinosolutions.com in this browser. Sign out from the account menu in the header or from the Sessions page for a specific device.

Home

The Home page is your account overview — profile photo, display name, email, and quick links to Security, Sessions, and Your apps. Search and shortcuts help you jump to common tasks (change password, review devices, launch a product).

Use the sidebar to navigate. Sections are grouped under Account (profile and security) and Connected (apps and sessions). Search menu items with the search box at the top of the sidebar.

Personal info

Update the details associated with your Xino identity. Changes sync to the auth database and appear in every product after the next token validation or refresh.

  • First & last name — shown in product UIs and account switcher
  • Email — primary sign-in identifier; changing it may require verification
  • Phone — optional; useful for recovery and SMS MFA
  • Profile photo — avatar across account and products

Security & MFA

Security settings apply to your auth account globally. When MFA is enabled, it is enforced during login on auth.xinosolutions.com — before an idToken is issued. Individual products do not implement MFA themselves; they only receive a token that may include an amr claim indicating MFA was used.

  • Password — change your password anytime; other sessions may be signed out depending on policy
  • Multi-factor authentication — enable TOTP or SMS from Security; required on next sign-in after setup
  • Recovery email & phone — backup ways to regain access
  • Recent security activity — password changes, new device sign-ins, MFA updates

Sessions & devices

Sessions are stored in the auth database — one row per active sign-in, tied to your user, the product (client ID), device info, IP, and last active time. This page lets you audit and revoke access.

  • This device — your current browser session, tagged separately
  • Other sessions — browser, approximate location (from IP), and last active timestamp
  • Sign out — revoke a single session; that device must sign in again on next use
  • Sign out of all — revoke every session except the current one (or including it, if you choose)

Session revocation works with refresh tokens stored server-side. When a session is revoked, the next refresh fails and the product prompts for login again.

Your Xino apps

Lists every Xino product that has issued a token for your account — derived from registered client IDs in the auth database. Use this to launch back into a product or remove access.

  • Launch — open the product signed in as you
  • Remove access — revoke tokens for that app; you will need to sign in again next time (product data is not deleted)

Account switcher

The account switcher in the header shows every profile currently signed in on this browser via auth.xinosolutions.com — the same session state the XS Auth SDK uses for product popups.

  • Switch profile — change the active account without signing others out
  • Add another account — sign in with a different email; both stay active in this browser
  • Sign out of one account — removes only that profile from this browser
  • Sign out of all accounts — clears every profile from this browser

How sign-in works

For developers and curious users — the flow every Xino product shares:

  1. User clicks Sign in on a product; the XS Auth SDK opens a popup to auth.xinosolutions.com.
  2. User logs in, signs up, or resets password in the popup. MFA runs here if enabled on the account.
  3. On success, the SDK returns an idToken to the product.
  4. The product backend calls auth's validate API with the idToken. Auth returns profile fields (name, email, etc.).
  5. The product never sees or stores the password — all credential checks stay on auth.

XS Account uses the same auth session. Managing MFA or signing out a device here affects how and when you must authenticate in products again.

Planned sections

The dashboard is being built out section by section. These areas will appear in the sidebar as they ship:

  1. 1
    Personal info

    Edit name, email, phone, and profile photo.

  2. 2
    Security

    Change password, enable MFA, and review activity.

  3. 3
    Sessions

    View active devices and sign out remotely.

  4. 4
    Your apps

    Launch Xino products or revoke access.

Troubleshooting

Sign-in popup blocked or closed
Allow popups for auth.xinosolutions.com and the product site, then try again. The SDK needs the popup to complete authentication.
Signed in on a product but not here
Open account.xinosolutions.com in the same browser and use Sign in. Sessions are shared via auth cookies on this origin.
MFA prompt every time
Check Security for MFA settings and trusted devices. Some products may require fresh MFA for sensitive actions via the amr claim.
Signed out a device but product still works
Short-lived tokens may remain valid until they expire. After revocation, refresh will fail and the product will ask you to sign in again.
Wrong account active
Use the account switcher in the header to pick the correct profile, or sign out of the unwanted account from the switcher menu.
Need client ID or API keys
That belongs on console.xinosolutions.com, not XS Account. The account portal is for end-user identity, not developer credentials.

Ready to manage your account?

Checking your session…