@if ($sessionLockedByOther)
Session locked
Onboarding is currently locked by {{ $sessionLockedByLabel ?? 'another user' }} @if (is_string($sessionLockedUntil) && $sessionLockedUntil !== '') (expires {{ $sessionLockedUntil }}). @endif You can view progress, but you can’t make changes unless you take over the lock.
@elseif ($hasSessionLock)
You have the lock
@if (is_string($sessionLockedUntil) && $sessionLockedUntil !== '')
Expires {{ $sessionLockedUntil }}.
@endif
@endif

Onboarding plan

This plan is shown before running any tasks.

    @foreach ($this->planTasks() as $task)
  • {{ $task['title'] }}
    Step {{ $task['step'] }}
    {{ $task['task_type'] }}
    • @endforeach
@if (! $canStartProviderTasks)
Missing permission
You can view onboarding, but running provider tasks requires additional permission.
@endif @if ($session?->current_step !== null && $session->current_step >= 4)

Consent

Ensure admin consent is granted for the required Microsoft Graph permissions before running tasks.

This wizard never shows secrets. Credentials remain managed by the provider credential store.

Create provider connection
@php $statuses = $this->latestEvidenceStatusByTaskType(); $verifyStatus = $statuses[\App\Support\Onboarding\OnboardingTaskType::VerifyPermissions] ?? 'unknown'; $verifySpec = \App\Support\Badges\BadgeCatalog::spec(\App\Support\Badges\BadgeDomain::OnboardingTaskStatus, $verifyStatus); $consentStatus = $statuses[\App\Support\Onboarding\OnboardingTaskType::ConsentStatus] ?? 'unknown'; $consentSpec = \App\Support\Badges\BadgeCatalog::spec(\App\Support\Badges\BadgeDomain::OnboardingTaskStatus, $consentStatus); @endphp

Step 4 tasks

Run verification tasks and review evidence-driven status.

Open task board
Verify permissions: {{ $verifySpec->label }} Consent status: {{ $consentSpec->label }}
@if (is_string($verifyPermissionsRunUrl) && $verifyPermissionsRunUrl !== '')
View run
@endif @if (is_string($consentStatusRunUrl) && $consentStatusRunUrl !== '')
View consent status run
@endif
@else

Provider connection

Create or select a provider connection before starting tasks.

This wizard never shows secrets. Credentials remain managed by the provider credential store.

Create provider connection
@endif