Administrators
Manage the administrators who have access to your Containment.AI dashboard, control their permissions, and invite new team members.
Accessing Administrators
- Go to Settings
- Click the Administrators tab
- View and manage administrators and their permissions
Admin List
The admin list shows:
| Column | Description |
|---|---|
| Name | Admin's display name |
| Work email address | |
| Role | Permission level |
| Status | Active, Pending, or Inactive |
| Last Active | Most recent login |
Inviting Admins
Send Invitation
- Click Invite Admin
- Enter email address
- Select role/permissions
- Click Send Invitation
Invitation Email
The new admin receives:
- Welcome message
- Dashboard link
- Setup instructions
- Organization name
Invitation Status
| Status | Description |
|---|---|
| Pending | Invitation sent, awaiting action |
| Accepted | Admin completed setup |
| Expired | No action after 7 days |
Admin Roles
Built-in Roles
| Role | Capabilities |
|---|---|
| Owner | Full access, can't be removed |
| Admin | Full access except billing |
| Analyst | View and manage alerts |
| Viewer | Read-only access |
Role Permissions Matrix
| Permission | Owner | Admin | Analyst | Viewer |
|---|---|---|---|---|
| View dashboard | Yes | Yes | Yes | Yes |
| Manage alerts | Yes | Yes | Yes | - |
| Configure policies | Yes | Yes | - | - |
| Manage users | Yes | Yes | - | - |
| Manage admins | Yes | Yes | - | - |
| Manage billing | Yes | - | - | - |
| Delete organization | Yes | - | - | - |
Granular Permissions
The Administrators tab also lets you configure granular permissions for each admin:
Permission Categories
| Category | Permissions |
|---|---|
| Billing | View and manage billing |
| Policy Admin | Create, edit, and manage policies |
| User Admin | Manage end users and invitations |
| Audit Viewer | View audit logs and activity |
Assigning Permissions
- Click an admin to open their detail drawer
- View or modify their assigned permissions
- Toggle individual permission categories
- Save changes
Custom Roles
EnterpriseCreate custom roles with specific permissions:
- Click Create Role
- Enter role name and description
- Select permissions
- Save
Example Custom Roles
Security Analyst
- View alerts and acknowledge/resolve them
- View audit logs and export data
- View policies and users (read-only)
Policy Admin
- Full policy management
- View alerts and users
- View integration settings
Managing Admins
Change Role
- Click the admin's row
- In the detail drawer, click Edit Role
- Select new role
- Save changes
Deactivate Admin
- Click the admin's row
- Click Deactivate
- Confirm action
Deactivated admins:
- Cannot sign in
- Lose dashboard access
- Can be reactivated later
Remove Admin
- Click the admin's row
- Click Remove
- Confirm removal
Removed admins:
- Lose all access
- Must be re-invited to regain access
- Audit history preserved
Transfer Ownership
As owner, transfer to another admin:
- Go to Settings > Account
- Find Transfer Ownership
- Select new owner
- Confirm with your password
Admin Activity
View admin actions:
- Go to Activity
- Filter by actor type: "Admin"
- See all admin actions
Tracked actions:
- Logins and logouts
- Configuration changes
- Alert management
- User actions
Security
Session Management
Admins have secure sessions:
- Automatic timeout after inactivity
- Secure token storage
- Device tracking
Multi-Factor Authentication
EnterpriseRequire MFA via SSO:
- Configure in your IdP
- Enable SSO enforcement
- All admins must use MFA
Troubleshooting
Admin Can't Sign In
- Check admin status is "Active"
- Verify email address
- Try password reset
- Check SSO configuration (if used)
Wrong Permissions
- Review assigned role
- Check granular permissions in detail drawer
- Verify role inheritance
- Contact owner if needed
Invitation Not Received
- Check spam folder
- Verify email address
- Resend invitation
- Check email delivery
Best Practices
Least Privilege
- Assign minimal necessary permissions
- Use Viewer role when appropriate
- Review permissions regularly
Access Reviews
- Audit admin list quarterly
- Remove inactive admins
- Verify role appropriateness
Documentation
- Document who has access
- Note why each admin needs access
- Track permission changes
Related Topics
- Audit Logs - Track admin actions
- SSO - Enterprise authentication
- Account Settings - Organization settings