diff --git a/desktop/tests/e2e/specs/smoke_cross.spec.ts b/desktop/tests/e2e/specs/smoke_cross.spec.ts
index 859cddf..616330e 100644
--- a/desktop/tests/e2e/specs/smoke_cross.spec.ts
+++ b/desktop/tests/e2e/specs/smoke_cross.spec.ts
@@ -21,7 +21,12 @@ const SaaS_BASE = 'http://localhost:8080/api/v1';
 const ADMIN_USER = 'admin';
 const ADMIN_PASS = 'admin123';
 
-async function saasLogin(page: Page): Promise<string> {
+// Shared token — login once per worker to avoid rate limiting (5 req/min/IP).
+// Workers are isolated processes, so this is safe for parallel execution.
+let _sharedToken: string | null = null;
+
+async function getSharedToken(page: Page): Promise<string> {
+  if (_sharedToken) return _sharedToken;
   const res = await page.request.post(`${SaaS_BASE}/auth/login`, {
     data: { username: ADMIN_USER, password: ADMIN_PASS },
   });
@@ -31,7 +36,13 @@ async function saasLogin(page: Page): Promise<string> {
   }
   expect(res.ok()).toBeTruthy();
   const json = await res.json();
-  return json.token;
+  _sharedToken = json.token;
+  return _sharedToken;
+}
+
+// Keep saasLogin as alias for individual test clarity
+async function saasLogin(page: Page): Promise<string> {
+  return getSharedToken(page);
 }
 
 async function waitForDesktopReady(page: Page) {