Atlas
Onboarding
Use your request code to view status and next steps.
Request Code
{{ statusLabel(status) }}Confirm your email
Open the verification email from Atlas and click the link to confirm your address. After verification, an admin can approve your request.
If you did not receive an email, return to Request Access and submit again using a reachable external address.
Awaiting approval
An Atlas admin has to approve this request before an account can be provisioned.
Accounts building
Your request is approved. Atlas is now preparing accounts and credentials. Check back in a minute.
Automation
{{ blocked ? "blocked" : "running" }}- {{ item.task }} {{ item.status }} {{ item.detail }}
One or more automation steps failed. Fix the error above, then check again.
Onboarding checklist
{{ status === "ready" ? "ready" : "in progress" }}Some steps are verified automatically from Keycloak (password). Others can't be verified yet — mark them complete once you're done.
Temporary password
Use this password to log in for the first time. You won't be forced to change it immediately — you'll rotate it later after Vaultwarden is set up. This password is shown once — copy it now. If you refresh this page, it may disappear.
Log in at sso.bstein.dev or go directly to cloud.bstein.dev.
Log in to check off onboarding steps.
-
Open Passwords and set a strong master password you won't forget. Your master password is the one password to rule all passwords: use a long passphrase (64+ characters is a good target), and never write it down or share it with anyone. If you lose it, Atlas can't recover your vault. If you can't sign in yet, check your Atlas mailbox in Nextcloud Mail for the invite link.
Master password guidance
- Prefer a multi-word passphrase over a single word.
- Never store it in plaintext or share it with anyone.
- If you forget it, Vaultwarden can’t decrypt your data.
-
Install Bitwarden in your browser and point it at vault.bstein.dev (Settings → Account → Environment → Self-hosted). Bitwarden downloads.
-
Install the Bitwarden desktop app and set the server to vault.bstein.dev (Settings → Account → Environment → Self-hosted). Bitwarden downloads.
-
Install the mobile app, set the server to vault.bstein.dev, and enable biometrics for fast unlock. Bitwarden downloads.
-
Wger is a personal wellness tool, not medical advice. Use it at your own risk. Your health data belongs to you and will never be sold or used beyond providing the service. We apply best practices to protect it, but no system is risk-free.
-
Open health.bstein.dev and sign in with the credentials shown on your Account page. In the mobile app, set the server URL to health.bstein.dev and log in once.
-
Open budget.bstein.dev and sign in with your Keycloak account.
-
Open money.bstein.dev and sign in with the credentials from your Account page. In the Abacus app, set the server URL to money.bstein.dev and log in once.
-
After Vaultwarden is set up, rotate your Keycloak password to a strong one and store it in Vaultwarden. Atlas verifies this once Keycloak no longer requires you to update your password.
-
Optional: enable MFA (TOTP) for Keycloak{{ mfaPillLabel() }}
Add a second factor with a mobile authenticator app. This is optional and won't block the rest of onboarding.
-
In Element, create a recovery key so you can restore encrypted history if you lose a device. Atlas stores only a SHA-256 hash so the recovery key itself is never saved server-side. Open Element settings → Encryption.
-
Save the recovery key in Vaultwarden so it doesn't get lost.
-
{{ step.description }} {{ step.primaryLink.text }}. {{ step.secondaryLink.text }}.
You're ready
Your Atlas account is provisioned and onboarding is complete. You can log in at cloud.bstein.dev, notes.bstein.dev, and tasks.bstein.dev.
Denied
This request was denied. Contact the Atlas admin if you think this is a mistake.