Articles on: Security & Admin

Admin Tools

Admin Tools


This article explains the administrative screens and controls CJH provides (or should provide), best practices for tenant administration, and operational guidance for managing integrations.




Common admin functions

  • Tenant configuration & Integrations — Per-tenant settings for Mapbox, push providers, payment connectors, and feature flags. The Jobs Map doc shows per-tenant Mapbox configuration under Settings → Integrations. :contentReference[oaicite:6]{index=6}
  • User & role management — Invite users, assign roles (owner/admin/dispatcher/technician/accountant), and deactivate users.
  • Secrets & tokens dashboard — A controlled UI to add/update per-tenant public tokens and to trigger server-side secret rotations (actual secrets stored in the secret manager).
  • Activity log / audit UI — Show create/update/delete actions and admin changes (the repo logs property create/update to an activity log). Use this UI for quick audits and investigation. :contentReference[oaicite:7]{index=7}




Admin UI best practices

  • Least privilege: Show sensitive controls only to admin/owner roles.
  • Two-person controls: For destructive actions (rotate production keys, delete tenant data), consider two-person approval flows or a strong confirmation step.
  • Activity logging: Log every admin action with actor, timestamp, and a short reason for the change. The PropertyDialog code demonstrates logging activity on create/update. :contentReference[oaicite:8]{index=8}
  • Token management: Allow admins to update public tokens from the UI. For server-side secrets, provide an “upload” or “rotate” workflow that stores secrets in the secret manager.




Operational checklist for tenant admins

  • [ ] Configure Mapbox public token per-tenant and verify maps load. :contentReference[oaicite:9]{index=9}
  • [ ] Confirm push provider credentials & test push flows with a small pilot.
  • [ ] Verify payment connector is configured in test/sandbox and run a test transaction.
  • [ ] Review audit logs weekly for suspicious admin activity. :contentReference[oaicite:10]{index=10}




Troubleshooting & tips

  • If admins change a tenant token, provide a way to do a smoke test (map load, geocode request). Provide rollback capability if the change breaks production behavior.
  • Keep an admin-run “health check” page that validates integrations (Mapbox, payment provider, push provider, server functions).


Updated on: 10/01/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!