Admin Management
Manage the administrators who have access to your Containment.AI dashboard and control their permissions.
Admin Overview
Administrators can:
- View the dashboard and alerts
- Configure policies
- Manage clients
- Access settings (based on permissions)
Accessing Admin Management
- Go to Settings
- Click Admins tab
- View and manage administrators
Admin List
The admin list shows:
| Column | Description |
|---|---|
| Name | Admin's display name |
| Work email address | |
| Role | Permission level |
| Status | Active, Pending, or Inactive |
| Last Active | Most recent login |
Inviting Admins
Send Invitation
- Click Invite Admin
- Enter email address
- Select role/permissions
- Click Send Invitation
Invitation Email
The new admin receives:
- Welcome message
- Dashboard link
- Setup instructions
- Organization name
Invitation Status
| Status | Description |
|---|---|
| Pending | Invitation sent, awaiting action |
| Accepted | Admin completed setup |
| Expired | No action after 7 days |
Admin Roles
Built-in Roles
| Role | Capabilities |
|---|---|
| Owner | Full access, can't be removed |
| Admin | Full access except billing |
| Analyst | View and manage alerts |
| Viewer | Read-only access |
Role Permissions Matrix
| Permission | Owner | Admin | Analyst | Viewer |
|---|---|---|---|---|
| View dashboard | ✓ | ✓ | ✓ | ✓ |
| Manage alerts | ✓ | ✓ | ✓ | ✗ |
| Configure policies | ✓ | ✓ | ✗ | ✗ |
| Manage clients | ✓ | ✓ | ✗ | ✗ |
| Manage admins | ✓ | ✓ | ✗ | ✗ |
| Manage billing | ✓ | ✗ | ✗ | ✗ |
| Delete organization | ✓ | ✗ | ✗ | ✗ |
Custom Roles
EnterpriseCreate custom roles with specific permissions:
- Go to Settings > Permissions
- Click Create Role
- Name the role
- Select permissions
- Save
See Permissions for details.
Managing Admins
Change Role
- Click the admin's row
- In the detail drawer, click Edit Role
- Select new role
- Save changes
Deactivate Admin
- Click the admin's row
- Click Deactivate
- Confirm action
Deactivated admins:
- Cannot sign in
- Lose dashboard access
- Can be reactivated later
Remove Admin
- Click the admin's row
- Click Remove
- Confirm removal
Removed admins:
- Lose all access
- Must be re-invited to regain access
- Audit history preserved
Transfer Ownership
As owner, transfer to another admin:
- Go to Settings > Account
- Find Transfer Ownership
- Select new owner
- Confirm with your password
Admin Activity
View admin actions:
- Go to Activity
- Filter by actor type: "Admin"
- See all admin actions
Tracked actions:
- Logins and logouts
- Configuration changes
- Alert management
- User actions
Security
Session Management
Admins have secure sessions:
- Automatic timeout after inactivity
- Secure token storage
- Device tracking
Forcing Logout
Force an admin to re-authenticate:
- Click the admin's row
- Click End Session
- Admin must sign in again
Multi-Factor Authentication
EnterpriseRequire MFA via SSO:
- Configure in your IdP
- Enable SSO enforcement
- All admins must use MFA
Troubleshooting
Admin Can't Sign In
- Check admin status is "Active"
- Verify email address
- Try password reset
- Check SSO configuration (if used)
Wrong Permissions
- Review assigned role
- Check custom permissions
- Verify role inheritance
- Contact owner if needed
Invitation Not Received
- Check spam folder
- Verify email address
- Resend invitation
- Check email delivery
Best Practices
Least Privilege
- Assign minimal necessary permissions
- Use Viewer role when appropriate
- Review permissions regularly
Access Reviews
- Audit admin list quarterly
- Remove inactive admins
- Verify role appropriateness
Documentation
- Document who has access
- Note why each admin needs access
- Track permission changes
Related Topics
- Permissions - Permission details
- Audit Logs - Track admin actions
- SSO - Enterprise authentication