One sign-in, every room.
Sign in once at access.askfinz.ai and every workspace opens for you — chat, research, code, mail, the verticals. No second prompt, no separate password per app. The session is bound to the device, not to a subdomain.
One sign-in · every workspace.
Four identities · one device.
The identity layer underneath every askFinz room.
Access is what makes “sign in once” actually true across the askFinz workspaces. Passkey-first auth, up to four identities per device, session and device management, billing and seats in one place. It's also the dashboard that manages every askFinz OS device you own — SSH, remote desktop, deploy-from-repo, cluster ops.
paul@personal.tld
The mock cycles between Personal, Work and Client identities — every workspace reshapes with the new context, and the billing footer follows the identity that's on the bill.
Sign in once at access.askfinz.ai and every workspace opens for you — chat, research, code, mail, the verticals. No second prompt, no separate password per app. The session is bound to the device, not to a subdomain.
Personal, work and the two clients on retainer — keep them side by side without signing in and out. Switching identity reshapes every workspace; memory stays scoped to the identity that wrote it.
Passkeys, backup codes, trusted contacts. Lose a device, lose a key — you get back in without a queue. The recovery path is documented in /trust, and we keep a public ledger of how often it fires.
See every device you're signed in on; sign one out remotely.
Up to four identities per device; rotation tied to passkey.
Hardware-backed credentials; no passwords stored anywhere.
Passkeys, backup codes, trusted contacts — three paths back in.
Plan, invoices, seats, delegated client seats — one page.
Invite, assign, revoke — every change in the audit log.
Access is the identity layer for askFinz workspaces. It is not a general-purpose identity provider for third-party apps — it does not issue SAML assertions to your HR tool, and it does not replace your corporate IdP. If you already run an IdP, we federate to it; if you don't, Access becomes the directory for the askFinz workspaces only.
It is also not a password manager. There are no passwords to manage — Access is passkey-first by design, and the recovery paths are documented in /trust.
On a regular laptop, Access is the sign-in layer for the askFinz workspaces — one identity, every room. On a machine running askFinz OS it becomes the full management surface for the device: SSH (cert-minted, one-hour TTL), NoVNC, RDP, Wake-on-LAN, package install, k3s + KubeVirt operations, deploy-from-code.askfinz.ai, training-job dispatch. Same identity throughout — the person signing in at the kiosk is the same person running kubectl against their own cluster, with every consequential action landing in the immutable device audit log.
Recovery paths and signal frequency are published in /trust — we keep the ledger honest.
Access is folded into every askFinz workspace — request access via /beta and your first sign-in provisions the identity layer behind the scenes.