Admin Guide¶
The Admin Guide covers platform administration tasks for Admin and Super Admin roles, including user management, role assignment, deployment, monitoring, and backup procedures.
Who Should Read This¶
| Role | Access Level |
|---|---|
| Admin | Full tenant management — users, policies, agents, audit, HITL |
| Super Admin | Cross-tenant platform administration, tenant provisioning |
Permission boundaries
Admins operate within their tenant. Super Admins can manage all tenants and assign any role including super_admin.
Admin Responsibilities¶
flowchart LR
A[Admin Tasks] --> B[User Management]
A --> C[Role Assignment]
A --> D[Deployment]
A --> E[Monitoring]
A --> F[Backup & Recovery]
B --> G[users.md]
C --> H[roles.md]
D --> I[deployment.md]
D --> L[sso.md]
D --> M[siem.md]
E --> J[monitoring.md]
F --> K[backup.md]
Quick Reference¶
| Task | Guide | Minimum Role |
|---|---|---|
| Create/manage users | Users | Admin |
| Assign roles | Roles | Admin |
| Deploy to production | Deployment | Admin |
| Configure SSO | SSO | Super Admin |
| Configure SIEM export | SIEM | Super Admin |
| Monitor platform health | Monitoring | Admin |
| Backup database | Backup | Admin |
| Create tenants | Deployment | Super Admin |
| Manage API keys | Users | Admin |
Tenant Provisioning¶
Super Admins create new tenants with the admin API key:
curl -X POST http://localhost:8000/api/v1/tenants \
-H "X-Admin-Key: <admin-api-key>" \
-H "Content-Type: application/json" \
-d '{
"name": "acme-corp",
"settings": {"timezone": "UTC"}
}'
The response includes:
id— tenant UUIDname— display nameapi_key— tenant API key (save immediately)
Default policies (GDPR, HIPAA, FZ-152) are seeded automatically on tenant creation.
Initial Setup Checklist¶
After deploying AegisAI, complete these admin tasks:
- [ ] Change
SECRET_KEYandSUPER_ADMIN_PASSWORD - [ ] Change
ADMIN_API_KEYfrom defaultadmin-key - [ ] Change
WEBHOOK_SECRETfrom default - [ ] Create tenant(s) for each organization
- [ ] Create admin users for each tenant
- [ ] Configure backup schedule (see Backup)
- [ ] Set up monitoring alerts (see Monitoring)
- [ ] Review and customize policy templates
- [ ] Run seed data or register production agents
Security Hardening¶
| Setting | Development | Production |
|---|---|---|
SECRET_KEY |
dev-secret-key-... |
256-bit random string |
ADMIN_API_KEY |
admin-key |
Strong random key |
ENVIRONMENT |
development |
production |
| HTTPS | Not required | Required (reverse proxy) |
| CORS | * |
Restrict to frontend origin |
| Default passwords | Enabled | Disabled / rotated |
Sections¶
- User Management — create, block, and delete users
- Roles & Permissions — RBAC role matrix
- Deployment — production deployment overview
- Monitoring — health checks and observability
- Backup & Recovery — database backup procedures
Related Documentation¶
- Deployment Guide — detailed deployment instructions
- Architecture — system design reference
- Troubleshooting — common issues