Turn member access on.

A short operating checklist for the IWHF Supabase auth layer: redirects, first account, admin bootstrap, approval, then desk testing.

Local statusChecking browser auth wiring.

Allow redirect URLs in Supabase.

Add the local, Pages, preview, and production wildcard URLs in Authentication URL Configuration before testing email links.

Open Supabase

Use the local auth page to create the founder account. New accounts are intentionally pending until approved.

Create founder account Magic link sign in

Run the generated SQL once in Supabase SQL Editor. After this, the browser approval console handles future users.

Open SQL Editor

From an active admin session, set `access_status` to active and choose founder, donor, program, or admin role.

Open approvals

Promote seeded records to verified, correct deadlines and source URLs, or archive stale opportunities from the admin catalog editor.

Open catalog editor

Founder/program/admin should enter the founder desk. Donor/admin should enter the donor desk. Pending users should remain blocked.

Founder desk Donor desk

Type the email used on the first IWHF auth account, then copy this SQL into Supabase.

First admin email

Run QA

No service-role key is used in the browser. This only prepares SQL for the Supabase dashboard.