# Administration

Manage your organization, users, permissions, and billing with comprehensive administrative controls.

## Overview

The Administration section provides tools for managing your organization's setup, team members, access controls, and subscription. Whether you're setting up a new organization or managing an existing team, you'll find everything you need here.

## Administrative Capabilities

As an administrator, you can:

* **Manage Organization Settings**: Configure company-wide preferences and policies
* **Add and Remove Users**: Control who has access to your organization
* **Assign Roles & Permissions**: Define what users can see and do
* **Create User Groups**: Organize users for easier permission management
* **Control Agent Access**: Determine who can use specific agents
* **Monitor Usage & Billing**: Track consumption and manage subscriptions
* **Configure Security Settings**: Enforce authentication and security policies

## Administration Topics

### [Organization Settings](/product/administration/administration.md)

Configure company-wide settings and preferences that apply to your entire organization.

**Key Settings:**

* Organization name and branding
* Default language and timezone
* Data retention policies
* Security policies (MFA requirements, session timeouts)
* Integration configurations
* Feature flags and access controls

**Common Tasks:**

* Update organization profile
* Configure SSO settings
* Set data retention rules
* Enable/disable features

***

### [User Management](/product/administration/user-management.md)

Add, remove, and manage users within your organization.

**Capabilities:**

* Invite new users via email
* Bulk user import from CSV
* Deactivate or remove users
* View user activity and last login
* Reset user passwords
* Manage user profiles

**User Lifecycle:**

1. **Invitation**: Send email invites to new users
2. **Onboarding**: Users complete registration
3. **Active Use**: Monitor activity and engagement
4. **Offboarding**: Deactivate accounts when users leave

***

### [User Permissions & Roles](/product/administration/user-permissions.md)

Control what users can do within the platform using role-based access control.

**Built-in Roles:**

* **Admin**: Full organizational control
* **Manager**: Can manage users and agents
* **Member**: Can create and use agents
* **Viewer**: Read-only access

**Permission Areas:**

* Agent creation and management
* Data source connections
* User management
* Organization settings
* Billing and usage
* Analytics and reports

**Custom Roles** (Enterprise): Create tailored roles with specific permissions for your organization's needs.

***

### [Group Management](/product/administration/group-management.md)

Organize users into groups for easier permission management and collaboration.

**Group Features:**

* Create department, team, or project-based groups
* Assign multiple users to a group at once
* Grant group-level access to agents and data
* Manage group membership

**Use Cases:**

* **By Department**: Sales, Support, Engineering groups
* **By Project**: Assign agent access to project teams
* **By Region**: Regional teams with localized data access
* **By Function**: Admins, content creators, analysts

**Benefits:**

* Simplified permission management
* Easier onboarding for new team members
* Better collaboration within teams
* Clearer organizational structure

***

### [Agent Permissions & Access Control](/product/administration/agent-permissions.md)

Control who can access, use, and modify specific agents.

**Access Levels:**

* **Private**: Only the creator can access
* **Group**: Specific groups or users can access
* **Organization**: All organization members can access
* **Public**: Shared via Agent Hub (with restrictions)

**Permission Types:**

* **View**: See the agent and its configuration
* **Use**: Query the agent
* **Edit**: Modify agent settings and prompts
* **Manage**: Full control including deletion

**Advanced Controls:**

* Data source-level permissions
* Query filtering based on user attributes
* Usage quotas per user or group
* Audit logging of agent access

***

### [Billing & Usage](/product/administration/billing-usage.md)

Monitor consumption, manage subscriptions, and control costs.

**Usage Metrics:**

* Total queries per month
* Active users
* Token consumption (input/output)
* Data storage usage
* API calls

**Billing Management:**

* View current plan and pricing
* Upgrade or downgrade subscription
* Add or remove seats
* Set usage alerts and limits
* Download invoices
* Update payment methods

**Cost Controls:**

* Set spending limits
* Usage alerts at thresholds
* Per-agent cost tracking
* User or group quotas

***

## Quick Start for Admins

### Initial Setup (First-Time Admins)

1. **Complete Organization Profile**
   * Set organization name and logo
   * Configure timezone and regional settings
   * Set up SSO if needed ([SSO Integration](/product/security/sso-integration.md))
2. **Invite Your Team**
   * Add initial users ([User Management](/product/administration/user-management.md))
   * Assign appropriate roles ([User Permissions](/product/administration/user-permissions.md))
   * Create groups if needed ([Group Management](/product/administration/group-management.md))
3. **Configure Security**
   * Enforce MFA if required ([Security Best Practices](/product/security/best-practices.md))
   * Set password policies
   * Configure session timeouts
   * Review audit log settings
4. **Set Up Billing**
   * Choose your plan ([Billing & Usage](/product/administration/billing-usage.md))
   * Add payment method
   * Set usage alerts
5. **Create Initial Agents**
   * Build your first agent ([Creating Your First Agent](/product/overview/add-an-ai-agent-persona.md))
   * Connect data sources ([Data Integrations](/product/data-integrations.md))
   * Set agent permissions ([Agent Permissions](/product/administration/agent-permissions.md))

### Ongoing Administration Tasks

**Daily/Weekly:**

* Monitor usage and costs
* Review audit logs for security issues
* Respond to user access requests

**Monthly:**

* Review and adjust user roles
* Audit group memberships
* Check billing and usage trends
* Review agent performance metrics

**Quarterly:**

* Conduct access reviews
* Update security policies
* Review and optimize costs
* Plan for growth and scaling

## Common Administrative Scenarios

### Scenario 1: Onboarding a New Team Member

1. **Invite User**: Send invitation email
2. **Assign Role**: Grant appropriate permissions (usually "Member")
3. **Add to Groups**: Include in relevant team groups
4. **Grant Agent Access**: Share relevant agents or let them create their own
5. **Provide Training**: Share [Quick Start Guide](/getting-started/quick-start.md)

### Scenario 2: Employee Leaving Organization

1. **Deactivate Account**: Immediately revoke access
2. **Transfer Ownership**: Reassign their agents to another user
3. **Audit Access**: Review what data they accessed (audit logs)
4. **Update Billing**: Reduce seat count if applicable
5. **Document**: Record offboarding for compliance

### Scenario 3: Reorganizing Team Structure

1. **Plan New Structure**: Define new groups and permissions
2. **Create New Groups**: Set up groups for new structure
3. **Migrate Users**: Move users to appropriate groups
4. **Update Agent Permissions**: Align agent access with new structure
5. **Communicate Changes**: Notify affected users

### Scenario 4: Controlling Costs

1. **Analyze Usage**: Review [Billing & Usage](/product/administration/billing-usage.md) dashboard
2. **Identify High Usage**: Find expensive agents or users
3. **Set Quotas**: Limit usage where appropriate
4. **Optimize Agents**: Follow [Cost Optimization](/product/monitoring/cost-optimization.md) guide
5. **Monitor Impact**: Track changes over time

### Scenario 5: Improving Security Posture

1. **Enable MFA**: Require for all users
2. **Review Permissions**: Audit user roles and access
3. **Configure SSO**: Centralize authentication
4. **Set Up Alerts**: Monitor for security events
5. **Train Users**: Share [Security Best Practices](/product/security/best-practices.md)

## Best Practices for Administrators

### User Management

* **Principle of Least Privilege**: Grant minimum necessary permissions
* **Regular Reviews**: Audit access quarterly
* **Prompt Offboarding**: Remove access immediately when users leave
* **Group-Based Access**: Use groups instead of individual permissions
* **Document Decisions**: Keep records of permission changes

### Security

* **Enforce MFA**: Require multi-factor authentication
* **Use SSO**: Centralize identity management
* **Monitor Logs**: Review audit logs regularly
* **Rotate Credentials**: Regularly update API keys
* **Stay Informed**: Subscribe to security bulletins

### Cost Management

* **Set Budgets**: Define monthly spending limits
* **Monitor Trends**: Watch for unusual usage spikes
* **Optimize Agents**: Regularly review and tune expensive agents
* **Use Quotas**: Prevent runaway costs with limits
* **Plan for Growth**: Budget for increased usage

### Organizational

* **Clear Policies**: Document usage policies and share with users
* **Regular Training**: Keep team updated on new features
* **Communication**: Announce changes that affect users
* **Support Process**: Establish how users request access or help
* **Feedback Loop**: Gather user feedback for improvements

## Administrative Tools

### Admin Dashboard

Central hub for all administrative tasks:

* User overview and recent activity
* Usage and billing summary
* Security alerts and audit log highlights
* Quick actions for common tasks

### Audit Logs

Track all administrative actions:

* User login and access events
* Permission changes
* Agent modifications
* Data source connections
* Billing changes

**Export Options**: CSV, JSON, SIEM integration (Enterprise)

### Bulk Operations

Efficient management at scale:

* Bulk user import from CSV
* Bulk permission updates
* Bulk agent sharing
* Mass group membership changes

### Reporting

Generate reports for:

* Usage by user, team, or agent
* Cost breakdown and trends
* Security and compliance audits
* Agent performance metrics

## Integration with Other Systems

### Identity Providers

Integrate with your existing identity management:

* **SSO**: Okta, Azure AD, Google Workspace ([SSO Integration](/product/security/sso-integration.md))
* **SCIM**: Automatic user provisioning (Enterprise)
* **LDAP**: Directory synchronization (Enterprise)

### IT Management Tools

Connect with your IT stack:

* **SIEM**: Security event integration
* **MDM**: Device management policies
* **Ticketing**: ServiceNow, Jira integration
* **Monitoring**: Datadog, New Relic integration

### HR Systems

Automate user lifecycle:

* Auto-provision from HR system
* Automatic deactivation on departure
* Role assignment based on job title
* Group membership from org structure

## Support for Administrators

### Documentation

* This Administration section
* [Security & Compliance](/product/security.md)
* [Monitoring & Analytics](/product/monitoring.md)
* [Developer API](/product/developer-api.md) for automation

### Training Resources

* Admin onboarding guide
* Video tutorials
* Webinars on best practices
* Certification program (Enterprise)

### Support Channels

* **Standard Support**: Email and ticket system
* **Priority Support**: Phone and chat (Pro/Enterprise)
* **Dedicated CSM**: Enterprise customers
* **Community Forum**: Peer support and discussion

### Professional Services

Available for Enterprise:

* Implementation and setup assistance
* Custom training for your team
* Security and compliance review
* Architecture consulting

## Next Steps

### For New Administrators

1. **Set Up Your Organization**: Start with [Organization Settings](/product/administration/administration.md)
2. **Add Your Team**: Follow [User Management](/product/administration/user-management.md) guide
3. **Configure Permissions**: Review [User Permissions & Roles](/product/administration/user-permissions.md)
4. **Secure Your Instance**: Implement [Security Best Practices](/product/security/best-practices.md)

### For Existing Administrators

1. **Optimize Permissions**: Audit with [Group Management](/product/administration/group-management.md)
2. **Control Agent Access**: Review [Agent Permissions](/product/administration/agent-permissions.md)
3. **Monitor Costs**: Check [Billing & Usage](/product/administration/billing-usage.md)
4. **Stay Informed**: Review [Changelog](/product/reference/changelog.md) regularly

### For Enterprise

1. **Schedule Onboarding**: Work with your customer success manager
2. **Plan Integration**: Review SSO and SCIM options
3. **Custom Configuration**: Discuss custom roles and features
4. **Training**: Schedule admin training sessions

Need help? Contact your customer success manager or <support@twig.ai>.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.twig.so/product/administration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.