Admin Panel1 min read

Admin Panel — Overview

Operator account management — invite teammates, manage roles, mint API keys, configure SSO, view the audit log. The first place you visit on a new tenant.

Docs  Admin Panel  Overview

Admin Panel is the operator-account control room. Invite your team, set their roles, mint API keys for your services, configure SSO, manage feature flag visibility, and audit who did what. It opens from the tenant popover at the bottom of the sidebar — not a top-level nav item, because it's configuration, not day-to-day work.

What Admin Panel is for#

Operator identity, operator access, and operator self-service. It does NOT manage your customers (Storefront → Customers does that), and it does NOT manage your subscriptions (Pricing Studio → Subscriptions). Admin Panel is purely for the humans who run your Aforo tenant.

Pages in this section#

Quickstart

Five steps to ship your first event from a fresh account. Most teams complete it in under an hour.

Open

Admin Panel

The nine-tab operator console: Members, Tenant Config, API Keys, SSO, Audit Log, Categories, Your Features, Active Sessions, Admin Alerts.

Open

The nine Admin Panel tabs#

Inside the console the Admin Panel is a single page with nine tabs. Each tab owns one slice of operator administration:

TabWhat it does

MembersInvite teammates, change their role (Owner / Admin / Member / Developer / Billing Admin / …), remove access.

Tenant ConfigDisplay name, region, default currency, default locale, branding for emails.

API KeysMint operator-side API keys (separate from customer-facing keys). Rotate, scope, revoke.

SSOSAML / OIDC configuration for federated login. Map IdP groups to Aforo roles.

Audit LogImmutable record of operator actions. Filter by actor, time, target. Export CSV for a security review.

CategoriesCustom product categories your team uses to organize the catalog.

Your FeaturesPer-tenant view of which platform features are enabled, with stage labels (GA / BETA / ALPHA).

Active SessionsSee every active operator session. Force-logout a session if you suspect a stolen token.

Admin AlertsInternal alert routing — which operator email addresses receive which alert family.

 INFO

SCIM auto-provisioning lives one section over in . SSO authenticates an existing user; SCIM creates and removes the user from your IdP automatically.

Who can do what#

Admin Panel itself is role-gated. Common roles and what they can change here:

RoleCan modify

OwnerEvery tab. Only role that can transfer ownership or delete the tenant.

AdminEvery tab except Owner-only destructive actions (tenant delete, ownership transfer).

DeveloperAPI Keys (own keys), Audit Log (read-only). Cannot invite members or change SSO.

Billing AdminTenant Config (billing fields), Audit Log (read). Read-only on Members.

MemberAudit Log (own actions only). Read-only on most tabs.

When SSO is on

Roles are mapped from IdP groups. Changing a user's role in Admin Panel only sticks until the next IdP sync — for SSO-managed tenants, change the group in your IdP and let SCIM / next-login resolve the role.

Governance → SCIM Provisioning — auto-provision portal users from your IdP.
Governance → Workspace Switching — one sign-in, every workspace you belong to.
Developer → Developer Hub — customer-facing API keys (separate from operator keys).
Operations → Alerts & Notifications — outbound event delivery (separate from Admin Alerts, which is internal operator email).