Skip to content

Mass self-onboarding

The coaching staff generates a single group link from /dashboard/onboarding-link and shares it via WhatsApp, QR, or any channel. Each player opens the link, recognizes themselves in the photo grid, confirms identity, and receives the email with the link to /auth/set-password to set their password.

This is the recommended flow for the initial onboarding of the full squad.

Before generating the link, load the players’ emails in Squad. If a player is missing an email, they can type it on screen when confirming identity — but if it’s pre-loaded, the flow is prank-proof: the email lands only in the real owner’s inbox.

  • Problem it solves: sending invites one by one to 30+ players is expensive manual work. The group link reduces it to a WhatsApp message in the squad group.
  • Typical use cases: initial onboarding of the full squad on CÉNIT contracting, bulk onboarding of youth players being promoted, credential rotation by rotating the token.
  • Plans that include it: all of them.
  • Differentiator: anti-spoofing via pre-loaded email avoids the “someone clicks another player’s photo and steals the account” mode without requiring SMS, ID, or extra OTP verification.

Head of Performance, Sporting Director, and S&C can generate and rotate the token. The public grid at /onboarding/[token] does not require login and serves any link visitor.

  1. Staff goes to /dashboard/onboarding-link. Only Head of Performance, Sporting Director, and S&C can enter — others are redirected to /dashboard.
  2. Click “Generate link”. If a link doesn’t yet exist, one is generated; if it already exists, the same one is shown (it doesn’t rotate automatically).
  3. Share the link via WhatsApp, QR, or whichever channel the club uses.
  4. Optionally: review /dashboard/onboarding-status to see how many players have already activated their account.
  1. Opens /onboarding/[token] → sees the grid of active squad players who haven’t yet activated their account.
  2. Clicks their photo → confirmation screen.
  3. The confirmation shows the masked email (e.g., p***********@example.com) if it was pre-loaded on the profile, or asks the player to type it if not.
  4. Click “That’s me” → the system sends an email with the activation link to the pre-loaded address (not to the input).
  5. The player receives the email, opens the link, sets their password on /auth/set-password, and is linked automatically.

If the link is leaked or the onboarding period has ended, regenerating the token from the same panel invalidates the old links. Players who already activated remain intact.

  • The player’s email is pre-loaded from Squad. If missing, the player types it on the confirmation.
  • The photo comes from the Squad profile; if missing, initials are shown.
  • What if I lose the link? Ask the S&C/HoP to resend it; it’s the same one for the entire squad.
  • What if I don’t receive the email? Check spam. If it doesn’t appear, confirm with the staff that the email loaded on your profile is the correct one.
  • Inactive player: does not appear in the grid.
  • Already-activated player: disappears from the grid.
  • Anti-replay: if two people click the same photo, the first one to set the password wins. The second attempt bounces.
  • Public grid: club logo and squad photos with jersey number and position. No login or installed app required.
  • Confirmation: shows the masked email or asks them to type it.
  • Invite email: subject “Activate your account — [Org]”.

The link is per organization; the email travels to the email pre-loaded in the player’s profile.

  • The coaching staff has to pre-load each player’s email in Squad before generating the link, or accept that the player types it manually (with weaker anti-spoofing guarantees).