The default admin account
On first boot, Zepeed creates a default admin account using these environment variables (see Environment Variables):| Variable | Default |
|---|---|
DEFAULT_ADMIN_NAME | Zepeed Admin |
DEFAULT_ADMIN_EMAIL | admin@zepeed.local |
DEFAULT_ADMIN_PASSWORD | (required, min 8 chars) |
Sign in
Navigate to yourAPP_URL and enter your email and password on the login screen. On success, Fortify issues a session cookie and redirects you to the dashboard.
If authentication fails, double-check:
- The email and password match the credentials you set in
.env. APP_URLin.envmatches the URL you opened in the browser (required for session cookies).- Your browser accepts cookies from the Zepeed domain.
Update your profile
From Profile Settings any signed-in user can:- Change their display name and email.
- Change their password (Fortify requires the current password).
- Sign out of other browser sessions.
- Delete their account (if account deletion is enabled).
Reset a password from the CLI
If email isn’t working, use the built-in artisan command to reset any user’s password interactively:- Email address — Must match an existing user. The command validates that the address is registered before continuing.
- New password — Entered securely (input is hidden).
Sessions
Fortify manages sessions using signed cookies. From Profile Settings → Browser Sessions you can:- View all active sessions for your account, including IP address and browser.
- Sign out individual sessions remotely.
- Sign out of every session except the current one.
API tokens
For programmatic access, generate API tokens instead of using session cookies. See API reference — Authentication.Best practices
Rotate the default admin password
Change it on first sign-in. The default values in
.env are well-known.One account per person
Don’t share accounts — it breaks the audit trail and session management.
Use a reverse proxy with TLS
Always serve Zepeed over HTTPS in production. Session cookies are not safe over plain HTTP.
Revoke unused API tokens
Audit and revoke API tokens from Settings → API Tokens when they’re no longer needed.
Related pages
- Environment Variables — Default admin account settings.
- Email notifications — Required for password resets.
- API reference — Token-based authentication for integrations.