Account security primitives
Fourteen deep account-security surfaces for Oak Flats Mufflermen — MFA enrolment, SSO provider config, magic-link status, passkey management, session manager, auth audit feed, recovery codes, trusted devices, login-attempt meter, HIBP-aware password strength, tenant permission matrix, consent records, admin impersonation banner, and account-lockout card. Bonus: a composed full auth-console route.
Account security primitives is a reusable Oak Flats Muffler Men UI primitive with documented states, accessibility expectations, theme behavior, and implementation evidence.
MFA enrolment card
Wizard-style multi-factor enrolment — TOTP, SMS, email, security-key + backup codes.
SSO provider row
Provider row for Google Workspace, Okta, Entra ID — JIT, sync, masked client ID.
Magic link status
Magic-link sent confirmation with masked email, countdown and inbox shortcut.
Passkey management
WebAuthn device list with transport, last-used, revoke and add-passkey CTA.
Session manager
Active sessions table with device, geo, risk tone, current-device badge, revoke.
Audit log feed
Authentication audit feed — login, MFA, password, permission, impersonation events.
Recovery codes
One-time recovery codes — show-once, download, print, regenerate, used tracker.
Device trust row
Trusted device row with scope, fingerprint, extend/remove actions.
Login attempt meter
Failed-login meter with threshold ticks, lockout countdown, admin reset.
Password strength + HIBP
Five-rule strength meter with Have-I-Been-Pwned breach chip and reveal toggle.
Tenant permission matrix
Scope × verb matrix — toggle grants, admin inheritance, accessible legend.
Consent record row
Terms / privacy / marketing consent row with version, IP, withdrawal action.
Impersonation banner
Admin-impersonating-user banner with reason, elapsed time and auto-exit timer.
Account lockout card
Locked-account card with reason, incident ref, recovery options, admin unlock.
Full auth console
Composes MFA, SSO, magic links, passkeys, sessions, audit, recovery, devices, lockout, strength, permissions, consent, impersonation, lockout card.