Admin Settings

From Cetbix Documentation
Revision as of 00:12, 17 January 2026 by Richter (talk | contribs)
Jump to navigation Jump to search

Admin Settings

This page details the configuration options available to administrators for managing authentication, security, licenses, user permissions, and company settings within Cetbix.

---

Overview

Admin Settings centralize critical configuration for:

  • User access and identity management
  • Security controls (SSO, MFA)
  • Company & license provisioning
  • Role and permission administration
  • System defaults and feature toggles

Well-configured Admin Settings help protect your organization, streamline onboarding, and support compliance with security best practices.

---

1. Security Settings

1.1 Multi-Factor Authentication (MFA)

MFA adds a second layer of protection for user accounts.

Administrators can enable MFA for all users or specific roles:

  1. Navigate to Authentication → Settings
  2. Select the desired MFA method (TOTP, push, etc.)
  3. Configure enforcement scope (mandatory / optional)

Best Practice: Require MFA for all admin accounts to reduce risk of credential compromise. :contentReference[oaicite:0]{index=0}

1.2 Single Sign-On (SSO)

SSO allows users to authenticate using an external identity provider (IdP) such as Azure AD, Okta, or Google Workspace. :contentReference[oaicite:1]{index=1}

  1. Go to Authentication → SSO Settings
  2. Enter your SAML/OIDC configuration from your IdP
  3. Enable SSO and test with a non-admin user first

Note: Some services require SSO configuration before enabling MFA changes. :contentReference[oaicite:2]{index=2}

1.3 Multi-Layer Defense

Combining SSO with MFA supports layered defense — giving both identity federation and strong authentication. Administrators should:

  • Enable MFA before enforcing SSO
  • Test all authentication paths
  • Monitor login logs for unusual access patterns

---

2. Identity & Access Management

2.1 Roles and Permissions

Define clear roles with the minimum required privileges (principle of least privilege).

Recommended roles include:

  • Super Admin – Full system-wide access and security settings
  • Company Admin – Manage company users and licenses
  • User Admin – Manage user profiles and assignments

Best Practice: Limit the number of Super Admins to reduce exposure risk. :contentReference[oaicite:3]{index=3}

2.2 User Provisioning

Admins can add or import users and assign them to companies.

  1. Go to Employees → Add Paid User
  2. Enter user details
  3. Assign company and permission
  4. Save

Administrators should periodically review active accounts and remove unused or inactive ones.

2.3 User Deprovisioning

To remove a user:

  1. Employees → All Employees
  2. Locate user
  3. Select Delete

Ensure deprovisioning is tracked for audit purposes.

---

3. Company & License Management

3.1 Company Registration

To register a new company:

  1. Navigate to Enterprise Management → Register a Company
  2. Provide company details and select license
  3. Mark Active
  4. Save

Administrators can view and manage registered companies from the main company list.

3.2 License Assignment

Licenses can be obtained via the platform or through direct sales channels. It’s recommended to coordinate with sales before purchasing. Administrators should monitor license usage regularly.

---

4. System Defaults & Configuration

4.1 Company Defaults

Admin Settings include global defaults such as:

  • Date & time format
  • Default language
  • Branding options (logo, theme)

Ensure defaults meet your organization’s policies before deployment.

4.2 Security Defaults

Admins can configure:

  • Password complexity requirements
  • Session timeout values
  • Failed login lockout thresholds

Regularly review and harden these settings based on compliance requirements.

---

5. Audit & Monitoring

5.1 Activity Logs

Admins should enable and review logs for:

  • Login attempts (successful and failed)
  • SSO events
  • MFA enrolment and failures
  • Role/permission changes

Logging helps with compliance and incident response.

5.2 Notification Settings

Configure email alerts for:

  • New user creation
  • License changes
  • Privilege escalations

---

6. Best Practices

  • Enforce MFA for all admin accounts. :contentReference[oaicite:4]{index=4}
  • Use SSO with verified identity providers. :contentReference[oaicite:5]{index=5}
  • Limit number of high-privilege accounts. :contentReference[oaicite:6]{index=6}
  • Enable audit logging and alerting
  • Perform regular reviews of users, roles, and license utilization

---

Related Pages

Retrieved from "https://wikki.cetbix.net/index.php?title=Admin_Settings&oldid=233"