General Settings Configuration

Overview

The General Settings section allows administrators to configure organization-wide preferences that affect all users and system behaviors. These settings control core aspects of your ASCEND deployment including identity, security policies, and session management.

Prerequisites

org_admin or Admin role
Access to the Admin Console
Understanding of your organization's security requirements

Accessing Settings

Navigate to the Admin Console
Select the "Organization" tab
Settings are organized into two sections:
- Organization Profile
- Security Settings

Step-by-Step Guide

Configuring Organization Profile

Set Organization Name
- Enter your organization's display name
- This appears in emails, reports, and the UI header
- Maximum 255 characters
View Organization Slug
- The slug is a URL-safe identifier (read-only)
- Used in URLs like https://your-slug.ascend.ai
- Set during initial onboarding and cannot be changed
Select Industry
- Choose from the dropdown:
  - Financial Services
  - Healthcare
  - Technology
  - Retail
  - Manufacturing
  - Government
  - Other
- Used for compliance report customization
Configure Contact Emails
- Primary Contact Email: Main administrative contact
- Support Email: Technical support communications
Save Changes
- Click the "Save Changes" button
- Wait for the success confirmation toast

Configuring Security Settings

Enable MFA Requirement
- Toggle "Require MFA for all users"
- When enabled:
  - All users must configure MFA on next login
  - Users cannot access the platform without completing MFA setup
  - Supports TOTP authenticator apps
Enable SSO/SAML
- Toggle "Enable SSO/SAML"
- When enabled:
  - Configure your identity provider (IdP) integration
  - Supports SAML 2.0 and OIDC protocols
  - Contact support for IdP configuration assistance
Set Session Timeout
- Enter timeout value in minutes (5-1440)
- After inactivity period, users are automatically logged out
- Recommended values:
  - High security: 15-30 minutes
  - Standard: 60 minutes
  - Extended: 120-480 minutes

Configuration Options

Option	Description	Default	Valid Range
Organization Name	Display name for your organization	Set at onboarding	1-255 characters
Organization Slug	URL-safe identifier	Auto-generated	Read-only
Industry	Business sector classification	Not set	Dropdown selection
Primary Email	Main contact email	Admin email	Valid email
Support Email	Technical support contact	Not set	Valid email
MFA Required	Enforce MFA for all users	false	true/false
SSO Enabled	Allow identity provider login	false	true/false
Session Timeout	Auto-logout after inactivity	60	5-1440 minutes

Security Settings Details

Multi-Factor Authentication (MFA)

When MFA is required at the organization level:

Setting	Behavior
OFF	MFA is optional for users
OPTIONAL	Users can enable MFA in their profile
ON	All users must have MFA enabled

MFA Enforcement Flow:

Administrator enables organization-wide MFA
On next login, users without MFA are prompted to set up
Users must complete authenticator app configuration
MFA challenge is required on every subsequent login

Supported MFA Methods:

Time-based One-Time Password (TOTP)
Compatible with Google Authenticator, Authy, 1Password, etc.

Single Sign-On (SSO)

SSO configuration allows integration with enterprise identity providers:

Supported Protocols:

SAML 2.0
OpenID Connect (OIDC)

Configuration Requirements:

IdP Metadata URL or XML
Entity ID
Assertion Consumer Service (ACS) URL
Certificate for signature validation

SSO Behavior:

When enabled, users see "Sign in with SSO" option
Password-based login remains available as fallback
User provisioning follows IdP attributes

Session Management

Session timeout controls when inactive users are automatically logged out:

Timeout Recommendations by Industry:

Industry	Recommended Timeout	Rationale
Financial Services	15 minutes	PCI-DSS compliance
Healthcare	15-30 minutes	HIPAA requirements
Government	15-30 minutes	NIST 800-53 guidance
Technology	60 minutes	Balance security and usability
General Business	60-120 minutes	Standard enterprise practice

Session Behavior:

Activity resets the timeout timer
Warning appears 5 minutes before timeout
Users can extend session when prompted
Token refresh maintains active sessions

API Reference

Get Organization Details

GET /api/admin/organization
Authorization: Bearer <token>

Response:

{
  "id": 1,
  "name": "Acme Corporation",
  "slug": "acme-corp",
  "domain": "acme.com",
  "subscription_tier": "business",
  "cognito_mfa_configuration": "OPTIONAL",
  "created_at": "2026-01-01T00:00:00Z"
}

Update Organization Settings

PATCH /api/admin/organization
Authorization: Bearer <token>
X-CSRF-Token: <csrf_token>
Content-Type: application/json

{
  "name": "Updated Organization Name",
  "session_timeout_minutes": 30,
  "cognito_mfa_configuration": "ON"
}

Response:

{
  "success": true,
  "message": "Organization updated",
  "changes": {
    "name": {"old": "Old Name", "new": "Updated Organization Name"},
    "cognito_mfa_configuration": {"old": "OPTIONAL", "new": "ON"}
  }
}

Best Practices

Document Settings Changes
- Keep a record of configuration changes and rationale
- Use audit log exports for compliance evidence
Test Before Enabling MFA
- Pilot with a small group of users first
- Ensure help desk is prepared for support requests
Plan SSO Rollout
- Coordinate with IT/Identity team
- Test with pilot users before organization-wide deployment
- Maintain password-based fallback during transition
Balance Security and Usability
- Shorter session timeouts improve security but may frustrate users
- Consider user workflows when setting timeout values
Regular Review
- Audit security settings quarterly
- Update settings as compliance requirements evolve

Troubleshooting

Settings Not Saving

Symptom	Possible Cause	Solution
Save button unresponsive	Missing CSRF token	Refresh page and retry
Error message displayed	Validation failure	Check field values meet requirements
Changes not persisting	Database connection issue	Contact support

MFA Issues

Issue	Solution
Users locked out after MFA enabled	Temporarily disable MFA, contact support
TOTP codes not working	Verify device time is synchronized
MFA setup not appearing	Clear browser cache, try incognito mode

SSO Configuration

Issue	Solution
SSO redirect fails	Verify IdP metadata URL is accessible
Users cannot log in via SSO	Check attribute mapping configuration
Certificate errors	Update IdP certificate in ASCEND settings

Admin Console Overview - Console features
Navigation Guide - Finding settings
User Roles - Permission levels
Organization Settings - Additional configuration

Overview​

Prerequisites​

Accessing Settings​

Step-by-Step Guide​

Configuring Organization Profile​

Configuring Security Settings​

Configuration Options​

Security Settings Details​

Multi-Factor Authentication (MFA)​

Single Sign-On (SSO)​

Session Management​

API Reference​

Get Organization Details​

Update Organization Settings​

Best Practices​

Troubleshooting​

Settings Not Saving​

MFA Issues​

SSO Configuration​

Related​