Superadmin Panel

What is the Superadmin Panel?

The Superadmin Panel at admin.tawridy.com is the platform-level administration interface reserved exclusively for Tawridy platform operators. It provides complete oversight of all organizations, users, and subscriptions on the platform. From this panel, operators can create and manage organizations, view platform-wide statistics, manage users across every tenant, and even impersonate organization admins to troubleshoot issues or provide support without needing their credentials. The Superadmin Panel is separate from the organization-level Admin role and is not accessible to any regular platform user.

How It Connects

Direction	Module	Relationship
Out	Organizations	Create, edit, activate, and deactivate tenant organizations
Out	Users	View and manage user accounts across all organizations
Out	Subscriptions	Assign and modify subscription tiers and packages per organization
Out	Settings	Override or inspect organization-level settings when needed
In	All Organizations	Platform-wide statistics aggregated from all tenants

Step-by-Step Guide

Accessing the Superadmin Panel

1. Navigate to admin.tawridy.com in your browser.
2. Log in with your Superadmin credentials.
3. You land on the Platform Dashboard showing aggregate statistics.

Platform Dashboard

4. Review platform-wide metrics:
   • Total Organizations — count of all registered tenants.
   • Active Organizations — tenants with activity in the last 30 days.
   • Total Users — aggregate user count across all organizations.
   • Subscription Distribution — breakdown of orgs by tier (Starter, Professional, Enterprise).
   • Monthly Growth — new organization sign-ups over time.

Managing Organizations

5. Navigate to Organizations in the sidebar.
6. View the list of all organizations with their name, country, subscription tier, status, and creation date.
7. To Create a New Organization:
   • Click New Organization.
   • Enter: Organization Name, Country (GCC defaults apply), Admin Email, Admin Name.
   • Select the Subscription Tier.
   • Click Create. The system provisions the organization with country defaults and sends an activation email to the admin.
8. To Edit an Organization:
   • Click on the organization row.
   • Modify name, country, subscription tier, or other settings.
   • Click Save.
9. To Deactivate an Organization:
   • Open the organization detail.
   • Click Deactivate. All users in that organization lose access immediately.
   • Data is preserved but the organization cannot be accessed until reactivated.

User Management Across Organizations

10. Navigate to Users in the sidebar.
11. View all users across all organizations in a single list.
12. Filter by organization, role, status, or last login date.
13. Click a user to view their details, including which organization they belong to and their role.
14. From here you can:
    • Reset Password — send a password reset email.
    • Deactivate — revoke access without deleting the account.
    • Change Role — modify the user's role within their organization.

Impersonation

15. Impersonation allows a Superadmin to view the platform exactly as a specific organization's admin would see it, without knowing their password.
16. To impersonate:
    • Navigate to the Organization detail page.
    • Click the Impersonate button next to the organization admin.
    • The system generates a special JWT token that includes an impersonated_by claim containing the Superadmin's user ID.
    • You are redirected to the organization's subdomain (e.g., acme.tawridy.com).
    • A prominent banner appears at the top of the screen: "Viewing as [Organization Name]" in a distinct color, ensuring you always know you are in impersonation mode.
17. While impersonating:
    • You see exactly what the org admin sees, including all data, settings, and modules.
    • All actions you take are logged with the impersonated_by claim in the audit trail, so they are traceable back to the Superadmin.
    • You cannot delete the organization or modify Superadmin-level settings while impersonating.
18. To exit impersonation:
    • Click the Exit Impersonation button on the banner.
    • You are redirected back to admin.tawridy.com.

Subscription & Package Management

19. Navigate to Subscriptions in the sidebar.
20. View and manage subscription tiers:
    • Starter — define included modules, user limits, and pricing.
    • Professional — configure additional features (integrations, AI).
    • Enterprise — set up custom packages with unlimited options.
21. Assign or change an organization's tier from the Organization detail page.
22. View billing history and subscription status per organization.

Key Fields Explained

Field	Description
organization_id	Unique identifier for each tenant organization.
organization_name	The registered name of the tenant.
status	Organization status: Active, Deactivated, or Pending Setup.
subscription_tier	Current plan: Starter, Professional, or Enterprise.
admin_email	The primary admin contact email for the organization.
created_at	Timestamp of when the organization was provisioned.
impersonated_by	JWT claim containing the Superadmin's user ID. Present only in impersonation tokens.
impersonation_token	Short-lived JWT issued during impersonation. Includes the target org context and the impersonated_by claim.
user_count	Number of active users in the organization.
last_activity	Timestamp of the most recent transaction or login in the organization.

Tips & Best Practices

TIP

Always use impersonation instead of asking clients for their passwords. It is more secure, fully auditable, and avoids the security risk of shared credentials. The impersonated_by claim in the JWT ensures every action is traceable.

TIP

Review the Platform Dashboard weekly to identify organizations that may need support (inactive orgs), upselling opportunities (orgs hitting user limits), or potential issues (sudden drops in activity).

WARNING

Impersonation is a powerful feature. Every action taken while impersonating is logged in the target organization's audit trail with the Superadmin's identity. Use it only for legitimate support and troubleshooting purposes. Misuse undermines platform trust.

WARNING

Deactivating an organization immediately locks out all of its users. Communicate with the organization's admin before deactivation whenever possible. Reactivation restores access, but users may need to log in again.

• Create organizations with the correct country from the start. While country can be changed later, it resets tax and currency defaults, which may require reconfiguration.
• When creating test organizations for demos or QA, use a clear naming convention (e.g., "TEST - Acme Corp") so they are easily identifiable and do not get confused with production tenants.
• Monitor the Subscription Distribution chart to understand your platform's revenue mix and plan capacity accordingly.
• Use the Users view filtered by "Last Login > 90 days" to identify and clean up stale accounts across the platform.

FAQ

Q: Who has access to the Superadmin Panel? A: Only platform operators with the Superadmin role can access admin.tawridy.com. This role is not available through the regular Users & Roles module and must be provisioned directly in the database or by another Superadmin.

Q: Can a Superadmin create transactions (POs, invoices) while impersonating? A: Yes, a Superadmin can perform any action the org admin can while impersonating. However, all actions are logged with the impersonated_by claim, making them traceable. Use this capability only when assisting an organization with a specific issue.

Q: How long does an impersonation session last? A: The impersonation JWT has a short-lived expiry (default: 1 hour). After it expires, the Superadmin is redirected back to admin.tawridy.com and must re-initiate impersonation if more time is needed. This limits the window of impersonated access.

Q: Can I impersonate a regular user (not admin)? A: Impersonation targets the organization's admin role. To see what a specific non-admin user sees, review their role permissions in the Users & Roles module while impersonating as the org admin.

Q: What happens to data when an organization is deactivated? A: All data is preserved in the database. Deactivation only revokes login access for all users in that organization. Reactivating the organization restores full access with all data intact.

Q: Can I delete an organization permanently? A: Permanent deletion is a destructive operation that removes all organization data irreversibly. It is available only as a database-level operation and is not exposed in the Superadmin UI to prevent accidental data loss. Contact the engineering team for permanent deletion requests.