Global Admin Control Plane

This page is for deployment operators. It is not part of the tenant user navigation.

The control plane is optional and only available when enabled in server configuration.

What It Is

The Global Admin control plane lets operators manage tenant policy data:

  • Plan
  • Paid status
  • Credential limit

Tenant users do not access this interface.

Enablement Requirements

Control plane routes are mounted only when all required environment variables are configured:

  • CONTROL_PLANE_DB_PATH
  • GLOBAL_ADMIN_PATH
  • GLOBAL_ADMIN_SESSION_KEY
  • GLOBAL_ADMIN_TOTP_KEYS
  • GLOBAL_ADMIN_TOTP_ACTIVE_KEY

When enabled, login is available at:

  • {GLOBAL_ADMIN_PATH}/login

Authentication Flow

Global Admin requires MFA:

  1. Sign in with email and password at {GLOBAL_ADMIN_PATH}/login.
  2. Complete TOTP setup at {GLOBAL_ADMIN_PATH}/totp-setup (first-time flow).
  3. Verify MFA code at {GLOBAL_ADMIN_PATH}/totp.
  4. Store recovery codes from {GLOBAL_ADMIN_PATH}/recovery.

Tenant Policy Management

After authentication:

  • Tenant list: {GLOBAL_ADMIN_PATH}/tenants
  • Tenant detail/edit: {GLOBAL_ADMIN_PATH}/tenants/{orgID}

Tenant policy updates are applied to app behavior, including credential limits shown in the tenant UI.

Notes

  • This interface is intended for hosted SaaS operations.
  • Keep GLOBAL_ADMIN_PATH non-obvious and protected by standard perimeter controls.
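
A preflight check for the Enablement Requirements and the GLOBAL_ADMIN_PATH note above, as an added example that is not part of the project's own tooling. It reports a partial configuration (some of the five variables set, so the routes would not mount) and a guessable admin path. The function names, the treatment of empty values as unset, and the path patterns are assumptions.

```shell
#!/bin/sh
# Added example. Variable names are from the page; treating an empty value
# as "not configured" and the guessable-path patterns are assumptions.
REQUIRED_VARS="CONTROL_PLANE_DB_PATH GLOBAL_ADMIN_PATH GLOBAL_ADMIN_SESSION_KEY
GLOBAL_ADMIN_TOTP_KEYS GLOBAL_ADMIN_TOTP_ACTIVE_KEY"

# Prints disabled, partial or enabled; names missing variables on stderr.
control_plane_state() {
    set_count=0
    missing=""
    for name in $REQUIRED_VARS; do
        eval "value=\${$name:-}"
        if [ -n "$value" ]; then
            set_count=$((set_count + 1))
        else
            missing="$missing $name"
        fi
    done
    if [ "$set_count" -eq 0 ]; then
        echo disabled
    elif [ -n "$missing" ]; then
        echo "missing:$missing" >&2
        echo partial
    else
        echo enabled
    fi
}

# Succeeds when GLOBAL_ADMIN_PATH matches a commonly guessed prefix.
admin_path_is_obvious() {
    case "$(printf '%s' "${GLOBAL_ADMIN_PATH:-}" | tr 'A-Z' 'a-z')" in
        /admin*|/global-admin*|/superadmin*|/control-plane*) return 0 ;;
        *) return 1 ;;
    esac
}

# Exit status: 0 = disabled or enabled cleanly, 1 = partial, 2 = guessable path.
preflight() {
    state=$(control_plane_state)
    case "$state" in
        disabled) echo "control plane disabled: no variables set"; return 0 ;;
        partial)  echo "control plane will not mount: partial configuration" >&2
                  return 1 ;;
    esac
    if admin_path_is_obvious; then
        echo "GLOBAL_ADMIN_PATH is guessable; pick a non-obvious path" >&2
        return 2
    fi
    echo "control plane enabled, login at ${GLOBAL_ADMIN_PATH}/login"
}
```

Source the file and call preflight from the deployment script before starting the server, failing the deploy on a non-zero status.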