Z8Z8 Docs
Admin Guide

Platform Admin Dashboard

Manage cross-organization users, organizations, and platform-level operations

Overview

Platform admin access is separate from organization administration. Organization admins manage a single workspace. Platform admins operate across all organizations through /platform-admin.

Platform admin access should be limited to a very small group of trusted operators. Actions in this area affect the full tenant, not just one organization.

What Platform Admins Can Do

  • Review platform-wide users
  • Inspect organizations across the tenant base
  • Suspend or restore organizations when required
  • Review platform audit history and queue health where available
  • Access billing and platform settings surfaces when those features are enabled

Accessing The Dashboard

Open /platform-admin to reach the platform-scoped admin area. The current route set includes an overview dashboard plus dedicated pages for users, organizations, deployment diagnostics, worker queue operations, settings, and optional billing views. The worker queue view includes queue counts, scheduled cron jobs, recent executions, and failure and runtime duration trends plus stale job indicators.

The overview dashboard highlights platform-wide metrics such as total users, banned users, active organizations, and suspended organizations, with links into the related management pages.

Users

Use /platform-admin/users to search platform accounts by email, filter by status, ban or unban users, and inspect or revoke active sessions.

To support data protection, full user names are redacted by default in this cross-tenant view. Platform admins see a stable redacted user label plus the account email needed for operational lookup.

These actions are platform-scoped. They are not the same as adjusting a member's permissions inside one organization.

Organizations

Use /platform-admin/organizations to review organizations across the tenant base, search by name or slug, suspend organizations into read-only mode, restore them, or schedule deletion.

Suspension is useful when the organization should keep read-only visibility while changes are paused. Deletion is a separate action and should be treated as an operational decision with higher risk.

Deployment Diagnostics

Use /platform-admin/diagnostics to review safe deployment configuration and app-only service health. The page reports configuration presence, database connectivity, queue/Valkey health, worker queue summary, and billing readiness without exposing secret values.

Diagnostics are read-only. They do not inspect Kubernetes state and do not provide restart, rollout, or scaling controls.

Deployment diagnostics are not a deployment gate: operators must still verify runtime secrets such as BETTER_AUTH_SECRET through Phase or the deployment environment, because build verification can use a build-only auth secret fallback.

What Platform Admins Do Not Replace

Platform admin access does not replace normal organization settings workflows. Day-to-day payroll export, scheduling, member management, enterprise auth, and employee administration remain organization-scoped tasks handled inside that organization's own settings.

If you need to manage invitations, app access, social OAuth, or payroll settings for one customer workspace, use that organization's admin settings rather than /platform-admin.

SCIM remains organization-scoped: owners and admins configure it through Enterprise Identity Setup at /settings/enterprise/identity-setup, then verify provisioning after the identity provider pushes a test change. Platform admins should use the SCIM Provisioning guidance when coordinating customer rollout rather than configuring SCIM from /platform-admin.

Access Requirements

  • You must have a platform-level admin account.
  • The role is assigned outside normal organization settings workflows.
  • You still need an active account and valid session to enter /platform-admin.

Audit And Safety Notes

Platform admin actions are audit-sensitive. Use reasons for bans or suspensions consistently, and verify deletion options carefully before confirming them.

System Administration

Audit logs, notifications, health monitoring, demo data, and organization settings

Telemetry & Analytics

Understanding what data is collected and how privacy is protected

On this page

OverviewWhat Platform Admins Can DoAccessing The DashboardUsersOrganizationsDeployment DiagnosticsWhat Platform Admins Do Not ReplaceAccess RequirementsAudit And Safety NotesRelated Documentation