Organization Settings

Overview

Organization settings control the fundamental configuration of your ASCEND deployment. These settings affect how your organization is displayed, how users authenticate, and what security policies are enforced. This guide covers all configurable options and their implications.

Prerequisites

org_admin or Super_Admin role
Access to Admin Console > Organization tab
Understanding of your security requirements

Step-by-Step Guide

Accessing Organization Settings

Log in to ASCEND with administrator credentials
Navigate to Admin Console from the sidebar
Click the "Organization" tab
Settings are displayed in editable form fields

Updating Basic Information

Organization Name
- Click the name field
- Enter your organization's display name
- This appears in:
  - UI header
  - Emails sent to users
  - Reports and exports
  - API responses
Organization Slug (Read-Only)
- Unique URL identifier
- Format: lowercase letters, numbers, hyphens
- Example: acme-corp for https://acme-corp.ascend.ai
- Cannot be changed after creation
Industry Classification
- Select from dropdown:
  - Financial Services
  - Healthcare
  - Technology
  - Retail
  - Manufacturing
  - Government
  - Other
- Used for:
  - Compliance report templates
  - Risk scoring adjustments
  - Industry-specific recommendations

Configuring Contact Information

Primary Contact Email
- Main administrative contact
- Receives:
  - System notifications
  - Security alerts
  - Billing communications
Support Email
- Technical support contact
- Receives:
  - Technical alerts
  - Integration notifications
  - Error reports

Configuring Security Settings

Require MFA for All Users
- Toggle checkbox to enable/disable
- When enabled:
  - All users must configure MFA
  - Login blocked until MFA setup complete
  - Uses TOTP-based authenticators
Enable SSO/SAML
- Toggle checkbox to enable/disable
- When enabled:
  - "Sign in with SSO" button appears on login
  - Requires IdP configuration (contact support)
  - Supports SAML 2.0 and OIDC
Session Timeout
- Enter value in minutes (5-1440)
- Users automatically logged out after inactivity
- Recommended values by compliance requirement:
  - PCI-DSS: 15 minutes
  - HIPAA: 15-30 minutes
  - General: 60 minutes

Saving Changes

Review all modified fields
Click "Save Changes" button
Wait for operation to complete
Success toast confirms update
Changes take effect immediately

Configuration Options

Basic Settings

Option	Description	Default	Constraints
name	Organization display name	Set at onboarding	1-255 characters
slug	URL identifier	Auto-generated	Read-only
domain	Primary domain	Not set	Valid domain format
email_domains	Allowed email domains	Not set	Array of domains
industry	Business sector	Not set	Predefined list
primary_email	Main contact	Admin email	Valid email
support_email	Support contact	Not set	Valid email

Security Settings

Option	Description	Default	Values
mfa_required	Enforce MFA	false	true/false
sso_enabled	Enable SSO	false	true/false
session_timeout_minutes	Auto-logout	60	5-1440
cognito_mfa_configuration	MFA policy	OPTIONAL	OFF/OPTIONAL/ON
password_policy	Password requirements	Cognito default	Object
allowed_ip_ranges	IP allowlist	Not set	CIDR array

Advanced Settings

Option	Description	Default	Access
stripe_customer_id	Billing identifier	Auto-generated	Read-only
cognito_user_pool_id	Identity pool	Provisioned	Read-only
owner_user_id	Organization owner	First admin	Admin only

Domain Configuration

Setting Allowed Email Domains

Restrict user registration to specific email domains:

{
  "email_domains": ["acme.com", "acme.io", "acme-corp.com"]
}

Benefits:

Prevents unauthorized user invitations
Enforces corporate email policy
Simplifies user verification

Domain Verification

For SSO and advanced features, domain verification may be required:

Add DNS TXT record provided by ASCEND
Request verification in Admin Console
Verification completes within 24-48 hours
Verified domains appear with checkmark

Timezone Configuration

Configure timezone preferences for your organization:

Setting	Description	Options
Display Timezone	Times shown in UI	User preference or org default
Report Timezone	Timestamps in exports	Organization setting
Audit Log Timezone	Event timestamps	UTC (stored), converted for display

Available Timezones:

America/New_York (Eastern)
America/Chicago (Central)
America/Denver (Mountain)
America/Los_Angeles (Pacific)
Europe/London (GMT)
Europe/Paris (CET)
Asia/Tokyo (JST)
Asia/Shanghai (CST)
Australia/Sydney (AEST)

API Reference

Get Organization Settings

GET /api/admin/organization
Authorization: Bearer <token>

Update Organization Settings

PATCH /api/admin/organization
Authorization: Bearer <token>
X-CSRF-Token: <csrf_token>
Content-Type: application/json

{
  "name": "Acme Corporation",
  "domain": "acme.com",
  "email_domains": ["acme.com"],
  "cognito_mfa_configuration": "ON",
  "session_timeout_minutes": 30
}

Response:

{
  "success": true,
  "message": "Organization updated",
  "changes": {
    "cognito_mfa_configuration": {
      "old": "OPTIONAL",
      "new": "ON"
    },
    "session_timeout_minutes": {
      "old": 60,
      "new": 30
    }
  }
}

Best Practices

Complete All Fields
- Fill in all contact information
- Set industry classification
- Configure domain restrictions
Security-First Configuration
- Enable MFA before adding users
- Set appropriate session timeouts
- Configure SSO for enterprise environments
Document Changes
- Note reasons for configuration changes
- Export audit logs regularly
- Maintain change management records
Regular Reviews
- Review settings quarterly
- Verify contact information
- Audit security configurations
Test Before Deployment
- Test MFA with pilot users
- Verify SSO configuration thoroughly
- Confirm session timeout behavior

Compliance Mapping

Setting	Compliance Standard	Requirement
MFA Required	PCI-DSS 8.3	MFA for remote access
MFA Required	HIPAA 164.312(d)	Unique user identification
Session Timeout	PCI-DSS 8.1.8	15-minute timeout
Session Timeout	HIPAA 164.312(a)(2)(iii)	Automatic logoff
Email Domains	SOC 2 CC6.1	Access provisioning
Audit Logging	SOX 302/404	Change tracking

Troubleshooting

Settings Not Saving

Issue	Cause	Solution
Button disabled	Missing required field	Complete all required fields
403 error	Insufficient privileges	Verify admin role
Validation error	Invalid format	Check field constraints
CSRF error	Stale session	Refresh page and retry

MFA Configuration Issues

Issue	Cause	Solution
Users not prompted	MFA set to OPTIONAL	Change to ON
Existing users unaffected	Already authenticated	Users prompted on next login
TOTP codes failing	Time desync	Verify device time

SSO Configuration Issues

Issue	Cause	Solution
SSO option missing	Not enabled	Toggle SSO in settings
Redirect fails	IdP not configured	Contact support
Users cannot login	Attribute mapping	Verify IdP configuration

Organization Overview - Organization concepts
General Settings - Console settings
User Management - User administration
Role Assignment - Permission management

Overview​

Prerequisites​

Step-by-Step Guide​

Accessing Organization Settings​

Updating Basic Information​

Configuring Contact Information​

Configuring Security Settings​

Saving Changes​

Configuration Options​

Basic Settings​

Security Settings​

Advanced Settings​

Domain Configuration​

Setting Allowed Email Domains​

Domain Verification​

Timezone Configuration​

API Reference​

Get Organization Settings​

Update Organization Settings​

Best Practices​

Compliance Mapping​

Troubleshooting​

Settings Not Saving​

MFA Configuration Issues​

SSO Configuration Issues​

Related​