Overview

Super Admins are platform-level administrators who manage the Risk Legion multi-tenant environment. They have visibility across all enterprises for monitoring purposes but do not access client business data.
Super Admin is a privileged role with platform-wide access. It should only be assigned to WiseScore platform operators, not to client users.

Key Responsibilities

Responsibility | Description
Enterprise Management | Create and manage client enterprises
User Management | Create Client Admin users for enterprises
Platform Monitoring | Monitor health and status of all enterprises
System Alerts | Manage and respond to platform-level alerts
Super Admin Management | Add/remove other Super Admins

Access Scope

What Super Admins CAN Access

Enterprise List

View all enterprises, their status, subscription tier, and high-level health metrics

Platform Health

Monitor system-wide health, performance metrics, and infrastructure status

User Management

Create Client Admin users and manage Super Admin accounts

System Alerts

View and respond to platform-level alerts and notifications

What Super Admins CANNOT Access

  • BRA Data - Cannot view Business Risk Assessments
  • Risk Scenarios - Cannot access enterprise risk libraries
  • Control Assurance - Cannot view control effectiveness data
  • Audit Logs - Cannot access enterprise-level audit trails
  • Business Data - No access to any client operational data
This separation keeps client business data private from platform operators: a Super Admin can see that an enterprise exists and whether it is healthy, not what is in its assessments, risk libraries, control data or audit trail.

Super Admin Dashboard

The Super Admin interface (/admin route) provides:

Enterprise Overview

Metric | Description
Total Enterprises | Count of all client organizations
Active Enterprises | Organizations with active subscriptions
Enterprise Health | Status indicators per enterprise
Recent Alerts | Platform alerts requiring attention

Enterprise Management

Creating a New Enterprise:
  1. Navigate to Admin → Enterprises
  2. Click Create Enterprise
  3. Fill in enterprise details:
    • Enterprise Name
    • Country
    • Registration Number
    • Subscription Tier
  4. Click Create
Managing Existing Enterprises:
Action | Description
View Details | See enterprise metadata and health
Edit | Update enterprise information
Deactivate | Temporarily disable enterprise access
View Users | List users in the enterprise

User Management

Creating a Client Admin:
  1. Navigate to Admin → Enterprises → [Enterprise Name]
  2. Click Add User
  3. Enter user email
  4. Select role: Admin
  5. Click Create
Super Admins can only create Client Admin users. Client Admins are responsible for creating Assessors and Reviewers within their enterprise.
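The scope rules on this page (Super Admins barred from enterprise data, Client Admins confined to their own enterprise, and each role limited in which roles it may create) are best enforced in one deny-by-default guard rather than scattered across handlers. The following Python is an added example, not Risk Legion's own code: the /api/v1/admin/ prefix comes from the endpoint table on this page, while the enterprise-scoped route shape /api/v1/enterprises/{id}/..., the Principal type and the role names are assumptions.

```python
"""Deny-by-default authorization guard for the Super Admin / Client Admin split.

Added illustration, not the platform's own code. Assumptions: the Principal
shape, the enterprise-data route shape /api/v1/enterprises/{id}/..., and that
role names are "super_admin", "admin", "assessor" and "reviewer".
"""
from __future__ import annotations

import posixpath
import re
from dataclasses import dataclass
from typing import Optional

SUPER_ADMIN_PREFIX = "/api/v1/admin/"        # from the page's endpoint table
ENTERPRISE_ROUTE = re.compile(               # hypothetical client-data route shape
    r"^/api/v1/enterprises/(?P<eid>[A-Za-z0-9-]+)(?:/|$)"
)
ENTERPRISE_ROLES = frozenset({"admin", "assessor", "reviewer"})


@dataclass(frozen=True)
class Principal:
    user_id: str
    role: str                       # "super_admin", "admin", "assessor", "reviewer"
    enterprise_id: Optional[str]    # None for platform operators


def authorize(p: Principal, path: str) -> bool:
    """Return True only if the principal may touch this path.

    * /api/v1/admin/*                -> Super Admin only
    * /api/v1/enterprises/{eid}/...  -> enterprise roles only, and only their
                                        own enterprise (tenant isolation)
    * Super Admins are refused enterprise data even though they are the most
      privileged role (the CANNOT list on this page)
    * anything else                  -> denied (deny by default)
    """
    # Collapse "." and ".." first so "/api/v1/enterprises/ent-1/../ent-2/x"
    # is judged against ent-2, the enterprise it actually reaches.
    path = posixpath.normpath(path)
    if path.startswith(SUPER_ADMIN_PREFIX):
        return p.role == "super_admin"
    m = ENTERPRISE_ROUTE.match(path)
    if m:
        if p.role not in ENTERPRISE_ROLES:
            return False     # blocks super_admin (and unknown roles) from client data
        return p.enterprise_id == m.group("eid")
    return False


def creatable_roles(p: Principal) -> frozenset[str]:
    """Roles the caller may assign when creating a user, per the page's rules."""
    if p.role == "super_admin":
        return frozenset({"admin"})                  # Client Admins only
    if p.role == "admin":
        return frozenset({"assessor", "reviewer"})   # within their own enterprise
    return frozenset()


def validate_user_create(p: Principal, target_enterprise: str,
                         requested_role: str) -> tuple[bool, str]:
    """Check a create-user request before it reaches the handler."""
    if requested_role not in creatable_roles(p):
        return False, f"role {p.role!r} may not create role {requested_role!r}"
    if p.role == "admin" and p.enterprise_id != target_enterprise:
        return False, "client admins may only create users in their own enterprise"
    return True, "ok"
```

The path is normalized before any prefix check so that a traversal segment cannot move a request from an allowed prefix into a denied one unnoticed. Note that this guard treats /api/v1/admin/super-admins like any other admin route; the governance approval the page asks for when adding a Super Admin has to be enforced elsewhere (for example a second approver), which is outside what this example shows.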

Managing Super Admins

Super Admins can add other Super Admins:
  1. Navigate to Admin → Super Admins
  2. Click Add Super Admin
  3. Enter the user’s email
  4. Confirm the action
Adding a Super Admin grants full platform-level access (everything listed under Access Scope). This action is logged and should be approved by platform governance.

System Health Monitoring

Health Check Endpoint

Super Admins can view the platform health status:
GET /health
Response includes:
  • Backend API status
  • Database connectivity
  • Redis connectivity
  • External service status

Enterprise Health Dashboard

Monitor health across all enterprises:
Indicator | Green | Yellow | Red
Last Activity | < 24 hours | 24-72 hours | > 72 hours
Error Rate | < 1% | 1-5% | > 5%
User Count | > 0 active | Low activity | No activity
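The thresholds above have boundaries worth pinning down (is exactly 24 hours green or yellow? what is the error rate of a tenant with no requests?). The Python below is an added example, not platform code, that turns the table into an evaluator with those edge cases decided explicitly. The record fields (last_activity, errors, requests, active_users, total_users) and the 20% cut-off used to define "low activity" are assumptions; the time and error-rate bands are taken from the table.

```python
"""Compute the Green/Yellow/Red indicators from the dashboard thresholds.

Added example, not platform code. The record fields and the 20% "low
activity" cut-off are assumptions; the time and error-rate bands come from
the page's table.
"""
from __future__ import annotations

from datetime import datetime, timedelta, timezone
from typing import Optional

GREEN, YELLOW, RED = "green", "yellow", "red"
_RANK = {GREEN: 0, YELLOW: 1, RED: 2}
LOW_ACTIVITY_FRACTION = 0.20   # hypothetical: "Low activity" = under 20% of users active

# Fixed "now" so the constructed sample is reproducible.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)


def hours_ago(hours: float, now: datetime = NOW) -> datetime:
    return now - timedelta(hours=hours)


def activity_status(last_activity: Optional[datetime], now: datetime) -> str:
    """< 24 h green, 24-72 h yellow, > 72 h red; never seen counts as red."""
    if last_activity is None:
        return RED
    age = now - last_activity
    if age < timedelta(hours=24):
        return GREEN
    if age <= timedelta(hours=72):
        return YELLOW
    return RED


def error_rate_status(errors: int, requests: int) -> str:
    """< 1% green, 1-5% yellow, > 5% red.

    With no requests the rate is undefined; report green here and let the
    activity and user-count indicators flag the silence instead.
    """
    if requests <= 0:
        return GREEN
    rate = errors / requests
    if rate < 0.01:
        return GREEN
    if rate <= 0.05:
        return YELLOW
    return RED


def user_status(active_users: int, total_users: int) -> str:
    """> 0 active green, low activity yellow, no activity red."""
    if active_users <= 0:
        return RED
    if total_users > 0 and active_users / total_users < LOW_ACTIVITY_FRACTION:
        return YELLOW
    return GREEN


def enterprise_health(rec: dict, now: datetime) -> dict:
    """Per-indicator colours plus an overall colour equal to the worst of them."""
    indicators = {
        "last_activity": activity_status(rec.get("last_activity"), now),
        "error_rate": error_rate_status(rec["errors"], rec["requests"]),
        "user_count": user_status(rec["active_users"], rec["total_users"]),
    }
    overall = max(indicators.values(), key=_RANK.__getitem__)
    return {"enterprise_id": rec["id"], "overall": overall, **indicators}


# Constructed sample tenants (not real data).
SAMPLE = [
    {"id": "ent-1", "last_activity": hours_ago(2), "errors": 3,
     "requests": 1000, "active_users": 12, "total_users": 15},
    {"id": "ent-2", "last_activity": hours_ago(30), "errors": 30,
     "requests": 1000, "active_users": 1, "total_users": 20},
    {"id": "ent-3", "last_activity": None, "errors": 0,
     "requests": 0, "active_users": 0, "total_users": 5},
]


def dashboard(records: list[dict] = SAMPLE, now: datetime = NOW) -> list[dict]:
    """Worst enterprises first, which is the order an operator wants to read."""
    return sorted((enterprise_health(r, now) for r in records),
                  key=lambda h: -_RANK[h["overall"]])


if __name__ == "__main__":
    for row in dashboard():
        print(row)
```

The overall colour is the worst of the three indicators, so a tenant with a healthy error rate but no activity still surfaces as red at the top of the list.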

Alert Management

Alert Types

Alert Type | Description | Severity
Enterprise Health | Issues with enterprise connectivity | Medium-High
Authentication | Login failures, suspicious activity | High
Performance | Slow responses, high latency | Medium
Data | Database issues, storage warnings | High
System | Infrastructure problems | Critical

Responding to Alerts

  1. Navigate to Admin → Alerts
  2. Review alert details
  3. Take appropriate action
  4. Mark alert as resolved
  5. Add resolution notes

Audit and Compliance

All Super Admin actions are logged:
Action | Logged Details
Enterprise Creation | Enterprise name, creation timestamp, creator
User Creation | User email, role, enterprise, creator
Enterprise Deactivation | Enterprise, reason, timestamp
Super Admin Addition | Added user, action by, timestamp
Alert Response | Alert ID, action taken, responder

API Endpoints

Super Admin-only endpoints:
Endpoint | Method | Description
/api/v1/admin/enterprises | GET | List all enterprises
/api/v1/admin/enterprises | POST | Create enterprise
/api/v1/admin/enterprises/{id} | PATCH | Update enterprise
/api/v1/admin/enterprises/{id}/users | GET | List enterprise users
/api/v1/admin/enterprises/{id}/users | POST | Add user to enterprise
/api/v1/admin/health | GET | Platform health status
/api/v1/admin/alerts | GET | List system alerts
/api/v1/admin/alerts/{id} | PATCH | Update alert status
/api/v1/admin/super-admins | GET/POST | Manage Super Admins

Example: Create Enterprise

curl -X POST /api/v1/admin/enterprises \
  -H "Authorization: Bearer $SUPER_ADMIN_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "ACME Corporation",
    "country": "US",
    "registration_number": "REG-12345"
  }'

Example: Add Client Admin

curl -X POST /api/v1/admin/enterprises/{enterprise_id}/users \
  -H "Authorization: Bearer $SUPER_ADMIN_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "role": "admin"
  }'

Best Practices

  • Only grant Super Admin to platform operators
  • Regularly review the Super Admin list
  • Remove access when no longer needed
  • Use individual accounts, not shared credentials

  • Document all enterprise changes
  • Follow change approval processes
  • Test changes in a staging environment
  • Communicate changes to affected parties

  • Review platform health daily
  • Respond to alerts promptly
  • Investigate anomalies
  • Maintain runbooks for common issues

  • Use strong authentication (MFA)
  • Access the platform from trusted networks only
  • Conduct regular security reviews
  • Report suspicious activity immediately