What is the Admin Portal?
The Admin Portal is MagOneAI’s control plane, designed for IT teams, platform administrators, and SuperAdmins. It’s where you manage the entire deployment: organizations, users, LLM provider configurations, and security policies. If you’re responsible for governance, security, or multi-tenant management, the Admin Portal is your command center.Access to the Admin Portal is restricted to users with the SuperAdmin role. Organization Owners can manage their own organization but cannot access platform-wide settings.
Organization management
Organizations are the top-level tenant in MagOneAI. Each organization has completely isolated data, users, agents, workflows, and resources.Create and configure organizations
From the Admin Portal, you can:- Create new organizations — Set up separate tenants for different business units, customers, or teams
- Configure organization settings — Define organization name, metadata, and configuration
- Delete or archive organizations — Remove organizations when they’re no longer needed
Set resource quotas and usage limits
Control resource consumption at the organization level:- Workflow execution limits — Cap the number of concurrent or monthly executions
- Storage quotas — Limit knowledge base document storage
- User limits — Set maximum number of users per organization
- API rate limits — Define request limits for API-triggered workflows
Organization-level isolation
Every organization in MagOneAI is fully isolated:Data isolation
- Separate databases per organization
- No cross-org data access
- Independent encryption keys
Resource isolation
- Agents scoped to organization
- Workflows cannot reference other orgs
- Tools and knowledge bases are private
Multi-tenancy for enterprise deployments
MagOneAI’s architecture supports enterprise multi-tenancy:- Host multiple customers on a single deployment
- Each customer (organization) operates independently
- Central governance and monitoring from Admin Portal
- Per-org billing and usage tracking
User management
The Admin Portal gives you complete control over user access, roles, and permissions across the platform.Invite users to organizations
Add users to specific organizations:- Navigate to the organization in the Admin Portal
- Click Invite User
- Enter the user’s email address
- Assign a role (Org Owner, Org Member, or End User)
- User receives an invitation email with onboarding instructions
Assign roles and permissions
MagOneAI has a hierarchical role system:SuperAdmin
SuperAdmin
Platform-wide access. Can manage all organizations, users, LLM providers, and security policies. SuperAdmins have access to the Admin Portal and can create/delete organizations.
Org Owner
Org Owner
Organization administrator. Can manage users, projects, and resources within their organization. Org Owners can invite members and configure organization settings but cannot access other organizations.
Org Member
Org Member
Builder and developer. Can create and edit agents, workflows, tools, and knowledge bases within projects they have access to. Org Members use MagOneAI Studio to build and deploy AI workflows.
Project Owner
Project Owner
Project administrator. Has full control over a specific project, including member management, resource creation, and project settings.
Project Member
Project Member
Project contributor. Can create and edit resources within a specific project. Access is scoped to assigned projects only.
End User
End User
Consumer role. Can interact with deployed workflows via MagOneAI Hub (chat interface) but cannot access MagOneAI Studio or create/edit workflows.
SSO and enterprise identity
For enterprise deployments, MagOneAI supports:- SAML 2.0 integration — Connect to identity providers like Okta, Azure AD, or Google Workspace
- OAuth 2.0 — Social login and custom OAuth providers
- Just-in-time provisioning — Automatically create users on first login
- Group-based role assignment — Map SSO groups to MagOneAI roles
LLM provider configuration
MagOneAI supports multiple LLM providers, giving you flexibility in model selection and cost optimization.Add cloud providers
Configure access to cloud-based LLM providers:OpenAI
GPT-4, GPT-4 Turbo, GPT-3.5 Turbo
Anthropic
Claude Opus, Claude Sonnet, Claude Haiku
Gemini 1.5 Pro, Gemini 1.5 Flash
Configure private model endpoints
For organizations with self-hosted models:- Custom API endpoints — Point to your own LLM deployments
- Azure OpenAI — Use your Azure-hosted OpenAI instances
- AWS Bedrock — Connect to models hosted on AWS
- On-premise models — Integrate with self-hosted open-source models
Store API keys securely via HashiCorp Vault
Security is critical when managing LLM credentials:Add a new provider
Click Add Provider and select the provider type (OpenAI, Anthropic, Google, or Custom).
Enter credentials
Provide the API key or authentication credentials. These are never stored in the database — they’re sent directly to HashiCorp Vault.
Assign providers to specific organizations
Control which organizations have access to which models:- Global providers — Available to all organizations (e.g., a company-wide OpenAI account)
- Organization-specific providers — Restricted to one organization (e.g., a customer brings their own API key)
- Model-level control — Enable specific models (e.g., only GPT-4 Turbo, not GPT-4)
Cost optimization strategies
Use the Admin Portal to implement cost controls:- Assign cheaper models (GPT-3.5, Claude Haiku) to specific organizations
- Set per-organization provider defaults
- Monitor usage and adjust provider assignments based on consumption
Security policies and governance
The Admin Portal provides centralized security management for your entire MagOneAI deployment.Data encryption policies
- Encryption at rest — All data (workflows, execution logs, knowledge bases) is encrypted in the database
- Encryption in transit — TLS/SSL for all API and web traffic
- Key management — Integration with HashiCorp Vault for centralized key management
API key management
- Centralized credential storage — All API keys (LLM providers, tool integrations) stored in Vault
- Automatic rotation — Support for credential rotation without workflow downtime
- Least-privilege access — Workflows only access credentials they need
Audit log access
The Admin Portal provides comprehensive audit logging:- User activity — Track who created, edited, or deleted resources
- Workflow executions — Full execution history with input/output data
- API calls — Log all API requests for compliance
- Security events — Track authentication failures, role changes, and access attempts
Resource governance and quotas
Implement platform-wide governance:- Execution limits — Prevent runaway workflows from consuming resources
- Storage quotas — Control knowledge base and log retention
- Concurrent execution caps — Limit parallel workflow runs
- API rate limits — Protect the platform from abuse or accidents
Best practices for platform administration
Screenshots coming soon — The Admin Portal interface will be documented with visual guides in an upcoming update. In the meantime, explore the portal directly or contact support for a walkthrough.