System administration
The superadmin console: users, modules, metastore, usage, and templates.
The admin console at /admin is where the deployment itself is managed — tenants, feature flags, shared catalogs, usage, and AI configuration. Most of it is superadmin-only, so if you're an organization admin you'll see a narrower, org-scoped slice. This article maps the console so you know what each entry does and who can reach it.
Who sees what
There are two audiences for /admin:
- Superadmins see the full system console — every screen below.
- Organization admins see an org-scoped view: their organizations and the per-org settings that come with them (covered further down).
Which view you're in isn't only about your account — superadmins can deliberately switch perspectives with the view-mode lens, described below.
The system screens
These live at the top of the admin sidebar and are superadmin-only unless noted.
| Screen | Sidebar subtitle | What it's for |
|---|---|---|
| Dashboard | System Overview | The landing view for the console. |
| Organizations | Manage Tenants | Every org (tenant) in the deployment, and the path into each one. |
| Metastore | Shared Catalogs | Shared catalog configuration that orgs can draw on. |
| All Users | User Directory | The system-wide user directory — create users and assign orgs. |
| Modules | Feature Flags | Toggle product modules and features on or off for the deployment. |
| Usage Metrics | Analytics & Reports | Aggregate usage across services (see Credits and billing). |
| LLM Templates | AI Model Config | Configure the AI model templates the product uses. |
All Users is the same screen the Users and permissions article reaches via Admin → All Users — it's where superadmins invite new users into the system.
Modules is worth calling out: a module toggled off here simply won't appear for users. That's why some features (Governance, for instance) are present in one deployment and absent in another.
The view-mode lens
Superadmins carry a built-in lens that switches the console between a super-admin view and an org-admin view. Flipping to the org-admin view shows roughly what a regular organization admin would see — handy for answering "why can't they reach X?" without juggling a second account.
It's a lens, not full user impersonation, and the choice is remembered per browser tab, so you can keep one tab in each perspective.
Org-level administration
Open an org from Organizations and you get that org's own admin area. This is the slice organization admins live in, and it includes:
- Projects and Users — the org's projects and membership.
- Connectors — connectors configured at the org level.
- Global OAuth Connections — shared OAuth setups reused across the org.
- Pipeline Templates — reusable pipeline starting points.
- Auditing — the org's audit trail.
- Settings — org configuration (and, on SaaS, account deletion for org admins).
- Billing & Subscription — visible when metered billing is enabled for the deployment.
Connector badges you'll see
Two runtime badges on connectors trace back to system-level configuration, so they're worth knowing here:
- Managed — a connector configured once at the org level that cascades down to projects. Each project gets a toggle for whether it uses the managed connector, so the org sets it up and projects opt in.
- Service Account — a connector that points at a metastore-level service account rather than carrying its own credentials. These come from the shared Metastore configuration above.
The system console is intentionally locked down. If you're an org admin and a screen here looks empty or missing, it's almost always because it's superadmin-only — not a bug.