Admin Console Overview

Overview

The ASCEND Admin Console is a centralized management interface that provides organization administrators with complete control over their security governance environment. The console enables banking-level administration capabilities including user management, billing oversight, usage analytics, and compliance audit trails.

The Admin Console is accessible only to users with administrator privileges (org_admin role or Admin/Super_Admin access levels) and provides tools essential for enterprise security operations.

Prerequisites

To access the Admin Console, you must have one of the following:

Access Method	Description
`org_admin` role	Organization administrator flag enabled
`Admin` role	Full administrative access (access level 4)
`Super_Admin` role	Executive-level access (access level 5)
`approval_level >= 4`	RBAC hierarchy level 4 or higher

Users without these privileges will receive a "403 Forbidden" response when attempting to access admin routes.

Console Tabs

The Admin Console is organized into six primary tabs, each serving a distinct administrative function:

1. Overview Tab

The Overview tab provides a real-time snapshot of your organization's status:

Usage Alerts: Critical and warning banners for resource limits approaching thresholds
Real-time Status Indicator: System health, active users, pending actions, and API latency
Statistics Grid:
- Total Users count
- API Calls this month
- Days Remaining (for trial accounts)
Subscription Status: Current tier, status badge, and trial end date
Recent Activity Feed: Latest 5 organizational events

2. Organization Tab

Configure core organization settings:

Organization name and slug (read-only)
Industry classification
Primary contact and support email addresses
Security settings:
- MFA requirement toggle
- SSO/SAML enablement
- Session timeout configuration (5-1440 minutes)

3. Users Tab

Complete user lifecycle management:

User listing with search and filtering
Bulk operations (suspend, reactivate, role change, delete)
Individual user actions:
- Edit profile
- View activity log
- Suspend/reactivate
- Reset password
- Force logout
- Remove from organization
User invitation workflow with role assignment

4. Billing Tab

Subscription and payment management:

Current subscription tier and status
Billing period dates and pricing
Usage bars showing consumption vs. limits:
- Users
- API Calls
- MCP Servers
- Agents
Invoice history with download options
Plan upgrade functionality

5. Analytics Tab

Usage analytics and trends:

Configurable time period (7/30/90 days)
Key metrics cards:
- API Calls with trend
- Active Users
- Alerts Processed
- Rules Active
Time series charts for visual trend analysis
API usage by endpoint breakdown
Top users by activity leaderboard

6. Audit Log Tab

Compliance and security audit trail:

Complete event logging with timestamps
Event type filtering (login, invite, remove, API key operations, settings)
Time range filtering (24 hours to 90 days)
Search functionality
Export options:
- CSV format for spreadsheet analysis
- JSON format for programmatic processing

Configuration Options

Option	Description	Default
Organization Name	Display name for your organization	Set during onboarding
Industry	Sector classification for compliance	Not set
Session Timeout	Automatic logout after inactivity (minutes)	60
MFA Required	Enforce multi-factor authentication for all users	false
SSO Enabled	Allow single sign-on with identity providers	false

Security Features

The Admin Console implements banking-level security controls:

CSRF Protection: Double-submit cookie validation on all mutating operations
Rate Limiting: Strict limits on sensitive operations (10/minute for user creation/deletion)
Audit Logging: Every administrative action is recorded with user, timestamp, and IP address
IDOR Prevention: Organization-scoped queries prevent cross-tenant data access
Session Validation: Token version checking prevents session hijacking

Best Practices

Regular Audit Reviews: Export and review audit logs weekly to detect anomalies
Principle of Least Privilege: Assign minimum necessary roles to users
MFA Enforcement: Enable organization-wide MFA for enhanced security
Session Timeouts: Configure appropriate session timeouts based on security requirements
User Lifecycle Management: Promptly remove or suspend users who leave the organization
API Key Rotation: Establish a key rotation schedule (managed in Settings)

Compliance Standards

The Admin Console supports compliance with:

Standard	Coverage
SOC 2 Type II	CC6.1 (User management), CC6.2 (Access controls)
HIPAA	164.312(a)(1) - Access controls, 164.312(b) - Audit controls
PCI-DSS	7.1 (Access restriction), 8.3 (Authentication)
GDPR	Article 16 (Right to rectification), Article 17 (Right to erasure)
SOX	302/404 (Access controls and audit trails)
NIST 800-53	AC-2 (Account management), AU-6 (Audit review)

Navigation Guide - Detailed navigation instructions
General Settings - Configuration options
User Management Overview - User administration
Organization Settings - Organization configuration
API Key Management - API key administration

Overview​

Prerequisites​

Console Tabs​

1. Overview Tab​

2. Organization Tab​

3. Users Tab​

4. Billing Tab​

5. Analytics Tab​

6. Audit Log Tab​

Configuration Options​

Security Features​

Best Practices​

Compliance Standards​

Related​