KehitysSuper-admin console
Mock mode
K15 · Step-up

Confirm sensitive action.

Central re-prompt for destructive and cross-tenant actions. The cache here is short-lived; chained actions can reuse it for up to ~15 minutes. Each confirm writes a new audit row.

Cache state

Pending queue

Reason library

Recent audit

Cache

9m

Window expires 25 May 2026, 10:09.

Pending

02

Awaiting confirmation.

Reasons

05

Distinct step-up reason codes.

Audit · 30d

03

Confirmed step-ups in the rolling window.

Cache state

What's currently authorised.

Actor

founder@kehitys.se

Acquired at

25 May 2026, 09:54

Expires

25 May 2026, 10:09 · ~9 minutes remaining

Method

TOTP (paste + password-manager autofill allowed)

Scope
Bound to actor session
Re-prompts on tenant change
Pending queue

Pick an action to confirm.

Each row re-shows the action's identity context (tenant, scope, reason code). Confirmation writes a new audit row and unlocks the action.

Confirm step-up

Sub-processor notice dispatch

Step-up required
Typed confirm required

Send a 30-day controller-notice email to every tenant DPO. Cannot be cancelled once dispatched.

Identity re-show

Scope: Sentry 30-day notice → 3 tenant DPOs

Publicis Sweden — Centenary 100 · publicis · ID 11111111-1111-1111-1111-111111111111

Ericsson — 150 Years · ericsson-150 · ID 11111111-1111-1111-1111-111111111112

Nordic Gala 2027 · nordic-gala · ID 11111111-1111-1111-1111-111111111113

Min 10 characters. Persisted to the audit log alongside actor + IP + timestamp.

Six digits. Paste + autofill are allowed (WCAG §3.3.8).

Reason library

What requires step-up.

Reference list of every reason code the platform issues. Adding a code requires a PRD change + audit review.

tenant.lifecycle_override

Tenant lifecycle override

Move a tenant to a new lifecycle state (draft / configuring / pre-launch / live / wound-down / archived). Requires typed-confirm of the tenant slug.

Typed-confirm + reason
tenant.read_pii

Cross-tenant PII read

Inspect a guest's full record on behalf of a tenant during an incident or DPO request. The read is itself audit-logged (audit-of-audit).

Reason field only
workflow.replay_all

Workflow replay (all-tenant)

Replay a workflow for every affected tenant. Reserved for vendor incident remediation.

Typed-confirm + reason
subprocessor.notice_dispatch

Sub-processor notice dispatch

Send a 30-day controller-notice email to every tenant DPO. Cannot be cancelled once dispatched.

Typed-confirm + reason
dpia.approve

Approve / reject tenant DPIA

Move a tenant DPIA out of in-progress. Reason field is captured into the audit log + the DPIA record.

Reason field only
Recent step-up audit

Confirmed step-ups in the rolling window.

Tenant lifecycle override

Publicis Sweden — configuring → pre-launch

founder@kehitys.se · 20 May 2026, 18:00

DPIA cleared. Move to pre-launch ahead of seed-list test.

Confirmed
Cross-tenant PII read

Anders Lindqvist — guest_lists row

ops@kehitys.se · 24 May 2026, 18:42

Bounce-spike investigation; verify mailbox status.

Confirmed
Workflow replay (all-tenant)

email_burst_publicis_save_the_date

ops@kehitys.se · 23 May 2026, 17:14

Resend 5xx flake — single-batch replay.

Confirmed