Skip to content

Admin Guide

The Admin Guide covers platform administration tasks for Admin and Super Admin roles, including user management, role assignment, deployment, monitoring, and backup procedures.

Who Should Read This

Role Access Level
Admin Full tenant management — users, policies, agents, audit, HITL
Super Admin Cross-tenant platform administration, tenant provisioning

Permission boundaries

Admins operate within their tenant. Super Admins can manage all tenants and assign any role including super_admin.

Admin Responsibilities

flowchart LR
    A[Admin Tasks] --> B[User Management]
    A --> C[Role Assignment]
    A --> D[Deployment]
    A --> E[Monitoring]
    A --> F[Backup & Recovery]
    B --> G[users.md]
    C --> H[roles.md]
    D --> I[deployment.md]
    D --> L[sso.md]
    D --> M[siem.md]
    E --> J[monitoring.md]
    F --> K[backup.md]

Quick Reference

Task Guide Minimum Role
Create/manage users Users Admin
Assign roles Roles Admin
Deploy to production Deployment Admin
Configure SSO SSO Super Admin
Configure SIEM export SIEM Super Admin
Monitor platform health Monitoring Admin
Backup database Backup Admin
Create tenants Deployment Super Admin
Manage API keys Users Admin

Tenant Provisioning

Super Admins create new tenants with the admin API key:

curl -X POST http://localhost:8000/api/v1/tenants \
  -H "X-Admin-Key: <admin-api-key>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "acme-corp",
    "settings": {"timezone": "UTC"}
  }'

The response includes:

  • id — tenant UUID
  • name — display name
  • api_key — tenant API key (save immediately)

Default policies (GDPR, HIPAA, FZ-152) are seeded automatically on tenant creation.

Initial Setup Checklist

After deploying AegisAI, complete these admin tasks:

  • [ ] Change SECRET_KEY and SUPER_ADMIN_PASSWORD
  • [ ] Change ADMIN_API_KEY from default admin-key
  • [ ] Change WEBHOOK_SECRET from default
  • [ ] Create tenant(s) for each organization
  • [ ] Create admin users for each tenant
  • [ ] Configure backup schedule (see Backup)
  • [ ] Set up monitoring alerts (see Monitoring)
  • [ ] Review and customize policy templates
  • [ ] Run seed data or register production agents

Security Hardening

Setting Development Production
SECRET_KEY dev-secret-key-... 256-bit random string
ADMIN_API_KEY admin-key Strong random key
ENVIRONMENT development production
HTTPS Not required Required (reverse proxy)
CORS * Restrict to frontend origin
Default passwords Enabled Disabled / rotated

Sections