1. Fast decision
User sees exactly two primary actions: sign in or create account.
M1 entry experience / OIDC-first
One front page that sends every user to the right secure flow.
Clear entry for login, registration, and organization setup. Built for Keycloak, step-up identity (ID0-ID3), and reason-code transparency from day one.
OIDC + PKCEStep-up awareCorrelation-friendly errors
CX priorities in this front page
Each block reduces confusion at first contact and after auth redirects.
2. Security explained
ID levels and step-up are framed as user benefit, not technical burden.
3. No dead ends
Support path and error context are visible before entering sensitive flows.
Lifecycle map (CONNECT / POWER / GROW)
Front page prepares users for the app shell and route model used in UI-g06.
CONNECT
Intent setup, org context, trust-room entry.
POWER
Step-up, signatures, evidence controls, policy-aware actions.
GROW
Operational continuity, integrations, and measurable outcomes.
Trust signals before login
Users see if SSO is available, which assurance tier may be required, and where to find correlation IDs when requests are denied by policy.