Admin & Governance

Full control.
Zero complexity.
All from the UI.

Manage users, permissions, audits, SSO, PII, and platform health without writing a single line of code. Every governance control in one place — configurable by your admin in minutes.

Access Control
Who can do what.
Click to change it.

One permission matrix covers every module in the platform — with 4 tiers from Org Admin to Viewer. Edit it from the UI. It auto-syncs as new features ship. No stale rows, no manual updates.

  • Hard multi-tenant isolation — every API enforces scope at the route layer, not just the UI

  • Org Admins see all child tenants; Entity Admins stay scoped to their own — always

  • Matrix auto-syncs with your live tab list as new modules ship — never orphaned rows

  • Per-tenant feature flags — enable or disable any capability per tenant with one toggle

Audit trail
Every action.
Human-readable.
Always exportable.

60+ action types logged in plain English — not raw event codes. Every entry carries the actor’s identity, IP address, timestamp, and the exact target. Immutable, filterable, and CSV/PDF exportable.

  • Human-readable entries — “Deleted dashboard «Revenue Overview»” not raw event IDs

  • Auth events, data mutations, admin actions, and AI queries — all logged in one place

  • Immutable — nothing is ever deleted or modified from the audit trail, ever

  • Filter by action type, date range, actor, or target — exports match your current filter

  • Cross-tenant )A scope audit — every Org Admin scoped query logged with row count

SSO & Authentication
Enterprise SSO —
four providers,
one UI to configure.

Per-tenant SSO with JIT provisioning and role mapping. Microsoft Entra and Google are wired end-to-end. Okta and SAML 2.0 are ready to configure — no engineering work needed.

  • JWT + bcrypt with single-session enforcement — concurrent logins blocked per real user

  • 5-attempt brute-force lockout with 15-minute cool-off and full activity trail

  • JIT provisioning — new users auto-created and role-mapped on first SSO login

  • Per-tenant SSO — each tenant has its own identity provider and config

🪟

Microsoft Entra ID

OAuth 2.0 + OpenID Connect

Live · end-to-end
G

Google Workspace

OAuth 2.0 + OpenID Connect

Live · end-to-end

Safe Impersonation
Debug and support users
safely — always visible,
always logged..

Org Admins can step into any user’s session to troubleshoot issues inside the org. A sticky red banner ensures it’s always visible. A scoped JWT ensures they can’t exceed that user’s permissions. Every action is logged.

  • Sticky red banner — can’t be dismissed while impersonating; always visible across all page

  • Scoped JWT — impersonation token inherits the target user’s permissions exactly, no escalation

  • Full audit log entry on enter and exit — actor, target, tenant, every action taken

  • Org Admins can impersonate within their org only

  • One-click exit returns you to your original authenticated session instantly

Enterprise governance.
Zero friction.

See how Analyzio handles your compliance and access control requirements in a personalised demo.