Admin overview

Manage users, roles, and governance settings.

Last updated:

Use Settings → Admin for team access, governance controls, and support request triage.

Users

Manage account access for team members.

Admin user detail includes a collapsed Record change history card for record-level audit events on the user record.

On narrower layouts, the Name column becomes the primary summary cell. When the standalone Status column is hidden, the user status badge folds into Name.

The Last sign-in column is populated from successful password and magic-link sign-ins. Invited users or users who have not signed in yet show no last sign-in timestamp.

Password sign-in enforces a 12-character minimum and requires at least one special character. New account passwords, admin-created temporary passwords, and password resets must satisfy the same policy.

Passwords expire after 365 days. Expired passwords must be rotated before MFA (multi-factor authentication) completion and before protected app access continues.

Inactive users cannot continue with an older signed session. Protected app routes destroy stale inactive-user sessions and return the browser to sign-in.

Forgot-password requests send a one-time password reset email for active accounts without revealing whether the submitted email address exists. A successful reset requires the current password policy, rejects reuse of the current password, invalidates other outstanding reset links for the user, and requires the user to sign in again.

New signup accounts must verify their email address before app access. Password sign-in, magic-link sign-in, password reset, API-key access, MFA setup, and protected routes all stop until the email address has been verified.

Magic-link sign-in sends a one-time email link to active, email-verified user accounts only. The browser receives the same confirmation message whether or not an account exists for the submitted email address.

Multi-factor authentication is enforced before app access. After password or magic-link verification, users must either set up authenticator-app TOTP (time-based one-time password) or enter their existing six-digit authenticator code before a full app session is created. First-time setup shows a locally generated QR code and the manual setup key.

Roles

Create and maintain permission sets for least-privilege access.

The Roles list supports status filtering plus sorting by name, code, status, and created date.

Admin role detail includes a collapsed Record change history card for record-level audit events on the role record.

Support requests

Review lightweight in-app support requests from signed-in users in the current customer workspace.

Admins can tag each request by status and category. Use Missing Eden answer, Missing docs, and Confusing UI categories as curated improvement signals for Eden guidance, documentation, and product polish. Request text is never fed into Eden automatically.

The ChannelWeave team triages requests in a separate internal queue. The customer admin queue only ever shows requests from your own workspace.

Events

Review admin and system activity history.

The Time value opens the event detail page. Event type badges are labels, not links. Warning-like rows are highlighted with a warning badge and left-hand accent, and the User column shows the team member name when the event is linked to a user rather than exposing the internal user UUID.