# First Login Once the CMS has been deployed and initial configuration is complete, administrators and users can access the portal and API. The first login process establishes identity integration and sets the foundation for role-based access control (RBAC). [![image.png](https://docs.cloudaxis.cloud/uploads/images/gallery/2025-09/scaled-1680-/3KMimage.png)](https://docs.cloudaxis.cloud/uploads/images/gallery/2025-09/3KMimage.png) #### Accessing the Portal - Navigate to the portal URL: `https://` - Enter the credentials created during installation. - If Microsoft Entra ID or another identity provider is configured, you will be redirected to the provider’s login page. #### Default Roles The CMS uses a role-based access model to control permissions. The following roles are provided by default: - **Platform Administrator** Full system access, including tenant onboarding, subscription management, billing, pricing, and system configuration. - **Tenant Administrator** Scoped access to manage subscriptions, resources, and users within a single tenant. - **Partner Administrator** Scoped Access to commission and billing data for a partner’s downstream tenants. - **Distributor Administrator** Scoped Access to commission and billing data for a distributors' downstream partners and tenants. - **Platform User** Access to read all system data but cannot make any changes. - ****Tenant U**ser** Scoped access to read subscriptions, resources, and users within a single tenant. - ****Partner U**ser** Scoped Access to read commission and billing data for a partner’s downstream tenants. - ****Distributor U**ser** Scoped Access to read commission and billing data for a distributors' downstream partners and tenants. #### First-Time Setup On first login, the administrator should: 1. Change the default password or confirm federated login is enforced. 2. Configure additional administrators or delegated roles. 3. Verify role mappings if using federated identity providers.