Skip to main content

User Authentication & Navigation

Source file: 2026-06-09-user-manual-supplier-portal-auth-navigation.html

User Manual

FieldValue
Document TypeUser Manual
PortalGRINEA – Supplier Portal
ModuleUser Authentication & Navigation
Version Number1.0
Document DateJune 9, 2026
Prepared byChristian Canlubo

Version History

Version NumberVersion DetailsAuthorDate Published
1.0Initial VersionChristian CanluboJune 5, 2026

1.0 Introduction

This manual covers the User Authentication module of the GRINEA Internal Operations Portal, Supplier Portal section. It is intended for supplier company representatives who access the portal to participate in procurement activities. The manual describes how to access the portal, set up and manage account credentials, and understand how sessions are created and ended. Users should read this manual before consulting any other Supplier Portal module documentation.

1.1 Purpose of the Document

This document is the official user manual for the User Authentication module of the GRINEA Supplier Portal. It describes the processes and platform behaviors that govern how supplier users gain access to the portal, maintain their sessions, and recover access when credentials are unavailable.

The User Authentication module manages all aspects of access control for the Supplier Portal. It covers the initial account activation process triggered by a supplier invitation, the standard login flow, password recovery, session management, and logout. Access to the portal is conditional: a supplier company must have been invited through a Request for Quotation on the internal portal and a Supplier Profile must exist on the platform before any user under that company can authenticate.

This manual enables Supplier Users to independently complete the account setup process, log in and out of the portal, recover access through the password reset flow, and understand why access may be blocked and what steps to take.

1.2 Scope of the Document

This manual covers the authentication-related functionality available to Supplier Users on the GRINEA Supplier Portal. Specifically, this document covers:

  • Activating a new Supplier User account by setting a password via invitation link
  • Navigating the login page, including the Terms of Use and Privacy Policy modals
  • Switching the portal interface language between English and Polish
  • Logging in with valid credentials
  • Handling login errors and access-blocked scenarios
  • Initiating and completing a password reset via the Forgot Password flow
  • Requesting a new password reset link from the Forgot Password confirmation screen
  • Understanding automatic session termination after inactivity
  • Logging out of the portal and the resulting session behavior

The following areas are out of scope for this document:

  • Supplier company registration, onboarding, or profile management
  • The Request for Quotation module and any procurement workflows
  • Orders, Company Profile, Notifications, or Help Guide portal modules
  • Internal portal user authentication (Backoffice and Frontoffice users)
  • Administrator-side actions, including the resend of invitation links or management of supplier company status

1.3 Intended Audience

Supplier User

A Supplier User is an individual registered under a supplier company record on the GRINEA platform. Supplier Users access the portal exclusively through the Supplier Portal interface, which is separate from the internal portal used by buyers and operations staff. A Supplier User can only access the portal if the parent supplier company has been invited through an active Request for Quotation on the internal portal and a Supplier Profile has been created for that company.

A Supplier User account is created by the platform when an invitation is issued. The account begins in a pending state with no password set. The user must complete the Set Password flow using the invitation link sent by email before they can log in for the first time. If the supplier company's status is marked as closed on the platform, all login attempts by users under that company are blocked regardless of whether the credentials are valid.

All Supplier Users within the same Supplier Profile share the same level of access to the portal, including access to all RFQs and orders associated with that profile. There is no hierarchy or permission difference between Supplier Users belonging to the same company.

2.0 Module Overview

2.1 Description

The User Authentication module controls how Supplier Users access the GRINEA Supplier Portal. It manages the full lifecycle of a user session, from the initial account activation triggered by a supplier invitation, through standard login and session maintenance, to user-initiated logout and automatic session termination due to inactivity.

Sessions are created on successful login and remain active until the user logs out or the portal detects 12 consecutive hours of inactivity. Logging out permanently invalidates the session token on the server side, preventing back-navigation from restoring access.

The portal interface is available in English and Polish, and the language can be switched at any time from the login page or within the authenticated portal.

A Supplier Profile may have one or more Supplier Users registered under it. All Supplier Users within the same Supplier Profile share the same level of access to the portal. When a Buyer publishes an RFQ and selects suppliers, they also designate which Supplier Users from each profile should receive email notifications for that RFQ. Only the designated contacts receive those emails, but all Supplier Users under the same profile retain portal access to the RFQ regardless of whether they were selected as a notification contact.

2.2 Key Features and Functionalities

2.2.1 First Login and Password Setup

When a supplier company is invited to participate in a Request for Quotation on the internal portal, the platform creates a Supplier User account and sends an invitation email to the registered email address. The account is created in a pending state: no password is set, and the user cannot log in until the Set Password flow is completed.

The invitation email contains a link that routes the Supplier User to the Set Password screen. This link is personal, time-limited, and single-use. Once the password is set successfully, the user is navigated to the login page and can authenticate immediately.

Steps for first login:

  • At least one lowercase letter

  • At least one uppercase letter

  • At least one number

  • Minimum 8 characters

  • At least one special character

  • Valid for 24 hours from the time it is sent.

  • Each link can be used only once. Once a password has been set using the link, the link is permanently invalid.

  • If the invitation link has expired, the Supplier User cannot complete account activation independently. Contact your buyer or the platform administrator to request a resend.

  • Invitation emails are sent in the language set as the preferred language for the supplier company record (English or Polish).

[Screenshot: Set Password Screen — First Login Account Activation]

2.2.2 Login Page Navigation

The login page is the entry point to the Supplier Portal. It is publicly accessible and does not require authentication to view. The page contains the following elements:

  • Email field — Accepts the registered email address. Required to submit the login form.
  • Password field — Accepts the account password. Input is masked. Required to submit the login form.
  • Log In button — Submits the credentials and initiates the login process.
  • Forgot Password link — Navigates to the Forgot Password screen.
  • Terms of Use link — Opens the Terms of Use modal overlay.
  • Privacy Policy link — Opens the Privacy Policy modal overlay.
  • Language toggle — Switches the interface between Polish (PL) and English (EN).

The login page remains accessible at all times regardless of the Supplier User's account status. Authentication errors are displayed on the login page after a failed login attempt.

[Screenshot: Login Page — Supplier Portal Entry Point]

2.2.3 Terms of Use

The Terms of Use are accessible from the login page, the Forgot Password page, and the Reset Password page, without requiring authentication. Clicking the Terms of Use link opens a modal overlay that displays the full Terms of Use text. The modal can be closed to return to the login page.

The content of the Terms of Use modal is presented in the currently selected interface language. If the language toggle is switched while the modal is open, or after it has been closed and reopened, the content reflects the selected language.

2.2.4 Privacy Policy

The Privacy Policy is accessible from the login page, the Forgot Password page, and the Reset Password page, without requiring authentication. Clicking the Privacy Policy link opens a modal overlay displaying the full Privacy Policy text. The modal can be closed to return to the login page.

The content of the Privacy Policy modal is presented in the currently selected interface language. If the language toggle is switched, the modal content converts to the selected language.

2.2.5 Language Toggle

The Supplier Portal interface supports English (EN) and Polish (PL). A language toggle is available on the login page, the Forgot Password page, and the Reset Password page. Clicking the toggle switches all interface labels and modal content to the selected language immediately.

The language toggle affects all visible interface labels on the current page, including the content of the Terms of Use and Privacy Policy modals. Switching language does not affect the user's account data or any pending actions.

2.2.6 Login

The login flow authenticates a Supplier User and creates a portal session that grants access to all protected portal areas, including the Request for Quotation list, Orders, Company Profile, Notifications, and Help Guide.

Steps for a successful login:

  • Both email and password fields must be completed before submission. Empty fields produce a required field error.
  • If the password entered does not match the account's stored password, authentication fails. No session is created.
  • If the parent supplier company has a closed status on the platform, the login is blocked. No session is created regardless of credential validity.
  • A Supplier User whose account is in the pending activation state (password not yet set) cannot log in. The Set Password flow must be completed first.

2.2.7 Forgot Password

The Forgot Password flow allows a Supplier User to request a password reset link when they cannot access their account. It is initiated from the login page and does not require the user to be logged in.

Steps:

[Screenshot: Forgot Password Screen]

2.2.8 Reset Password

The Reset Password flow allows a Supplier User to set a new password after initiating a Forgot Password request. It is accessed via the link sent to the registered email address.

Steps:

  • The reset link is valid for 15 minutes from the time it is sent.
  • Each reset link can be used only once. Once the password has been updated, the link is permanently invalid.
  • If the reset link has expired or has already been used, the Supplier User must return to the login page and initiate a new Forgot Password request. The daily limit of 3 requests per email address applies.
  • The same password complexity rules apply to the Reset Password flow as to the Set Password flow.

If a Supplier User did not receive the password reset email, or if the original reset link has expired before it could be used, a new reset link can be requested from the Forgot Password confirmation screen.

Steps:

2.2.10 Session Timeout

The Supplier Portal automatically terminates an authenticated session after 12 consecutive hours of inactivity. Inactivity is defined as no user interaction with the portal during that period, including no mouse movement, clicks, keystrokes, or page navigation.

When the inactivity timeout is reached, the session is ended and the Supplier User is redirected to the login page. A new login is required to resume access to protected areas.

2.2.11 Logout

A Supplier User can end an authenticated session at any time by clicking Logout in the User Menu. Logout is user-initiated and immediately and permanently ends the session.

Steps:

2.3 Supplier User Account Status Lifecycle

The following statuses describe the state of a Supplier User's access to the portal at any given point. Statuses progress in the order shown under normal conditions.

#StatusDescription
1PENDINGThe Supplier User account has been created and an invitation email has been sent, but the Set Password flow has not yet been completed. No password is set. The user cannot log in. Remains in this state until the user opens the invitation link and sets a password.
2ACTIVEThe Set Password flow has been completed. The Supplier User can log in with their registered email address and password. Access to the portal is subject to the supplier company's status — if the company is Closed, login is blocked even for Active users.
3DELETEDThe Supplier User account has been removed from the Supplier Profile by a Buyer or platform administrator via the Supplier Management module. The user no longer appears in the user list and can no longer log in to the portal. Their email address cannot be re-added to any supplier profile on the platform. Deletion is prevented if the user is the only remaining user under the profile.

An active Supplier User session is created on successful login and ends when the user clicks Logout or when the portal detects 12 consecutive hours of inactivity. If the parent supplier company has a closed status on the platform at the time of login, access is blocked regardless of credential validity.

3.0 Error Handling and Troubleshooting

The following table describes the error scenarios a Supplier User may encounter within the User Authentication module, their likely causes, and the steps to resolve them. Issues that persist after following these steps should be escalated to the platform administrator.

ScenarioPossible CauseResolution
After clicking Log In, a required field error appears beneath the email or password fieldOne or both fields were left blank when the Log In button was clicked.Fill in both the email address and the password before clicking Log In. Both fields are required.
After entering credentials and clicking Log In, an authentication error is displayed and access is not grantedThe password entered does not match the password on file for that email address.Check that the email address is the one registered under your supplier company account. Re-enter the password carefully. If the problem persists, use the Forgot Password flow to reset your password.
Clicking the invitation link from the invitation email shows an error stating the link is invalid or has expiredThe invitation link has passed its validity window, or the link has already been used once to set a password.Contact your buyer or the platform administrator. A Buyer with access to the Supplier Management module can resend the invitation link directly from that module. A new 24-hour invitation link is generated when the resend is triggered. The original link cannot be reactivated.
Clicking the password reset link from the reset email shows an error stating the link is invalid or has expiredThe reset link has passed its 15-minute validity window, or the link has already been used to reset the password.Return to the login page and click Forgot Password again to initiate a new reset request. Note that a maximum of 3 reset requests per email address are permitted per day, shared across the initial Forgot Password submission and any Resend Link actions.

4.0 Frequently Asked Questions

QuestionAnswer
I was invited to the Supplier Portal but I cannot find the invitation email. How do I get access?Invitation emails are sent to the email address registered under your supplier company record. Check your junk or spam folders. If the email was not received or the invitation link has expired (links are valid for 24 hours), contact your buyer. A Buyer with Supplier Management access can resend the invitation link directly from the Supplier Management module, generating a fresh 24-hour link.
How do I switch the portal interface between English and Polish?A language toggle is available on the login page and within the authenticated portal. Clicking the toggle switches all interface labels to the other language immediately, including the content of the Terms of Use and Privacy Policy modals. Note that the language used for invitation and password reset emails is set by the language preference recorded against your supplier company record, and is not affected by the toggle.
My session ended and the portal returned me to the login page, but I did not click Logout. What happened?The portal automatically ends sessions after 12 consecutive hours of inactivity. A warning message appears approximately 1 hour before the session ends, with an option to stay logged in. Selecting this option resets the inactivity timer. Log in again to resume access if the session has already ended.
I requested a password reset but did not receive the email. Can I request another link?Yes. After submitting a Forgot Password request, the confirmation screen displays a Resend Link button, which becomes active 60 seconds after the initial request. Clicking it sends a new reset email with a fresh 15-minute link and permanently invalidates the previous link. You can submit a combined total of 3 reset requests per day per email address.
What are the password requirements when setting or resetting my password?The platform enforces: at least one lowercase letter; at least one uppercase letter; at least one number; minimum 8 characters; at least one special character. These rules apply to both the Set Password and Reset Password flows.
What happens to my session after I log out? Can someone access my account using the browser's back button?When you click Logout from the User Menu, the platform immediately and permanently invalidates your session token on the server side. If anyone attempts to navigate back to a portal page using the browser's back button after logout, they will be redirected to the login page. Re-authentication is required to access the portal.