# Admin Portal

The developer portal contains an admin interface that superusers can access to view and modify information on developers, applications, accounts and more.

# Accessing the Admin Portal

Before being able to access the admin portal, a developer account must be granted superuser privileges with the following command:

sudo ke_manage_developers update --super-user y email@domain.com

The superuser account can then be used to log into the admin portal at https://appliance_hostname:8443/admin (or http://appliance_hostname:8080/admin without HTTPS configured) on the instance.

# Assigning Permissions

To assign a permission:

  1. Click on the developer’s ID to navigate to that developer’s page.
  2. Scroll to the “User permissions” section.
  3. Choose the corresponding permission from the left box to move it to the right box titled “Chosen user permissions”.
  4. Click the “Save” button.

Only a subset of the available permissions are actively in use. Permissions that you may assign to developers are listed below.

# Permissions

  • apimodels | developer | Can export OAuth token information. API requests for information on an account will return the OAuth token, token secret and third-party service’s account ID.
  • apimodels | developer | Can export OAuth refresh tokens. API requests for information on an account will return the OAuth refresh token. Requires permission to export OAuth token information.
  • apimodels | developer | Allow PowerShell RPC. Pass-through API requests that connect to Office 365 PowerShell are permitted.

# Appliance-wide Configuration

The configuration objects can be accessed via the "Configurations" link in the administrative portal. The following configuration values are available:

  • notifications_throttle_probability: A global value that determines what percentage of incoming notifications from upstream services will be dropped. This value should be set to a fraction in [0.0,1.0] (default: 0). It should be set to a high value (i.e. 1) in cases where the appliance is being overwhelmed by notifications or the polling interval for events is set sufficiently high that incoming notifications are of no use.

  • storage.files.create.ephemeral: The storage account used for temporary uploads like email attachments. The value is a JSON string with attributes:

    • account_id: the numeric Kloudless ID of the storage account.
    • parent_id: the Kloudless ID of the folder to upload temporary files to.

    We recommend using Amazon S3 for your temporary file upload location. Steps for this setup are provided in our guide to sending email with attachments using Amazon S3.

# Obtaining Bearer Tokens

Select any Account via the Accounts section and choose "Get access token for testing" via the dropdown to retrieve a temporary access token for that account for testing purposes.

# The admin activity log

The Log Entries section records Admin Portal activity such as retrieving bearer tokens and modifying or deleting records. Note that admins with access to the Kloudless command-line or database may modify or remove log entries directly.