updated documentation

Infrastructure/Implementation Runbook.md

@@ -1036,4 +1036,241 @@ Up to 24 hours
 - [✔] DNS resolves correctly
 - [✔] Email received externally
 - [✔] Email sent externally
-- [✔] Deliverability validated
+- [✔] Deliverability validated
+
+### 3.18 Create Email Accounts
+
+**Objective**
+
+Provision internal user mailboxes in Fastmail so that:
+
+- Each employee has a company email (user@company.com)
+- Accounts align with Nextcloud users (identity consistency)
+- System ready for communication + notifications
+
+**Architectural Context**
+
+User identity is now split across:
+- Fastmail     → Email identity (user@company.com)
+- Nextcloud    → Application access (files, shares)
+
+**Step 1 - Define User List**
+
+Before creating accounts, confirm:
+| Name | Email Address |
+|-------|-----|
+| John Smith | jsmith@company.com |
+| Jane Doe | jdoe@company.com |
+| Operations | ops@company.com |
+
+Best Practices
+- Use simple, consistent naming (first initial + last name)
+- Avoid special characters
+- Reserve generic aliases (admin, info, support)
+
+**Step 2 - Access User Management**
+
+In Fastmail:
+```
+Settings → Users → Add User
+```
+
+**Step 3 - Create Individual User Accounts
+
+3.1 Enter user details
+
+For each user:
+```
+Username: jsmith
+Email: jsmith@company.com
+Full Name: John Smith
+Password: (temporary strong password)
+```
+
+3.2 Set password policy
+- Use strong temporary password
+- Require user to change on first login (recommended)
+
+3.3 Save user
+Repeat for all internal users.
+
+**Step 4 - Assign Roles & Permissions**
+
+Default (Recommended for Pilot)
+- Standard User (no admin privileges)
+
+Admin Accounts
+
+Only assign admin rights to:
+- System owner
+- IT/consultant (if required)
+
+**Step 5 - Create Aliases (Optional but Recommended)**
+Common aliases
+```
+admin@company.com
+info@company.com
+support@company.com
+```
+
+How to create
+
+In Fastmail:
+```
+Settings → Domains → company.com → Aliases
+```
+Example
+support@company.com → jsmith@company.com
+
+**Step 6 - Validate Each Account**
+6.1 Login test
+```
+https://app.fastmail.com
+```
+
+6.2 Send test email
+- Send to another internal user
+- Send to external address (e.g., Gmail)
+
+6.3 Receive test email
+- Receive from external sender
+- Confirm inbox delivery
+
+**Step 7 - Distribute Credentials**
+
+For each user, provide:
+- Email address
+- Temporary password
+- Login URL: https://app.fastmail.com
+- Instructions to change password
+
+**Validation Checklist**
+- [✔] All internal users created
+- [✔] Email addresses correct
+- [✔] Login verified for each user
+- [✔] Send/receive tested
+- [✔] Aliases created (if needed)
+- [✔] Credentials distributed securely
+- [✔] Usernames aligned with Nextcloud
+
+### 3.19 Create Nextcloud Users
+
+Objective
+
+Provision user accounts in Nextcloud aligned with your email identities so that:
+
+✔ Each internal user has access to the platform
+✔ Identity is consistent across email and Nextcloud
+✔ Permissions can be assigned cleanly in later steps
+Architectural Context
+
+You now have:
+
+Fastmail     → user@company.com (email identity)
+Nextcloud    → username (application identity)
+
+For this pilot:
+
+✔ Keep usernames identical (jsmith ↔ jsmith@company.com)
+Prerequisites
+[✔] Nextcloud deployed and accessible (Task 3.15)
+[✔] HTTPS working: https://drive.company.com
+[✔] Admin account available
+[✔] Email accounts created (Task 3.18)
+🌐 Step 1 — Log into Nextcloud as Admin
+
+Open:
+
+https://drive.company.com
+
+Login:
+
+Username: admin
+Password: (from .env)
+⚙️ Step 2 — Navigate to User Management
+
+In Nextcloud UI:
+
+Top-right avatar → Users
+➕ Step 3 — Create Users
+3.1 Enter user details
+
+For each user:
+
+Username: jsmith
+Display Name: John Smith
+Email: jsmith@company.com
+Password: (temporary strong password)
+3.2 Assign groups (recommended)
+
+Create group:
+
+internal
+
+Assign all internal users to this group.
+
+3.3 Save user
+
+Repeat for all internal users.
+
+🔐 Step 4 — Set Password Policy
+Recommended
+✔ Strong temporary passwords
+✔ Users change password on first login
+🧪 Step 5 — Validate User Access
+5.1 Login test (per user)
+
+Open new browser/private window:
+
+https://drive.company.com
+
+Login as user:
+
+✔ Successful login
+✔ Dashboard loads
+5.2 Basic file test
+
+As user:
+
+✔ Upload file
+✔ Create folder
+✔ Delete file
+🔄 Step 6 — Verify Admin Visibility
+
+Return to admin account:
+
+✔ All users listed
+✔ Group assignments correct
+✔ No duplicate usernames
+📧 Step 7 — (Optional) Configure Email Field
+
+Ensure each user has email set:
+
+jsmith → jsmith@company.com
+Why this matters
+✔ Enables sharing notifications
+✔ Required for password reset
+✔ Supports future SMTP integration
+🧠 Step 8 — Naming Consistency Check
+
+Ensure alignment:
+
+Email:     jsmith@company.com
+Nextcloud: jsmith
+Avoid
+✖ john.smith in one system and jsmith in another
+🔒 Step 9 — Security Considerations
+Enforce
+✔ Unique user accounts (no sharing)
+✔ Strong passwords
+✔ Minimal admin users
+Optional (future)
+✔ Enable 2FA in Nextcloud
+✔ Integrate SSO (future phase)
+✅ Validation Checklist
+[✔] All users created in Nextcloud
+[✔] Usernames match email identities
+[✔] Users can log in successfully
+[✔] File operations work for each user
+[✔] Groups assigned correctly
+[✔] Emails populated in profiles