L0 platform operator console. Cross-tenant — every action is audited.
The session secret from the backend bootstrap (ADMIN_BOOTSTRAP_TOKEN), not an email.
High-risk roles (override_admin / platform_owner) require MFA, enforced server-side by the AdminAuthGuard.