Admin Panel (Owner Access)
The Admin Panel is a privileged interface available only to the internal RiskFlow Owner account. It is used for managing critical operations across all MSPs and Organizations — such as approving new teams, updating root users, and overseeing platform-wide activity.
Who Is the Owner?
- The Owner refers exclusively to RiskFlow — the platform operator or infrastructure maintainer.
- The Owner is not a regular user of the platform.
- This role is typically held by your internal admin account
- It does not refer to root users of MSPs or Organizations.
A root user is the first user of an MSP or Organization.
The Owner can assign or change the root user of any team.
Admin Panel Capabilities
Manage Stored (Pending) First Users
- View all pending registrations of first users (MSPs or Orgs)
- Approve or decline requests after verifying authenticity
- Automatically notify users upon action
Invite Root Users (MSP or Org)
- Skip public registration by directly inviting root users
- Choose whether they will be MSPs or Organizations
Reassign Root User
- Change the root user of any MSP or Organization
- Useful in case of handovers, terminations, or incorrect assignment
Assign Organizations to MSPs
- Move independently registered orgs under an MSP
- Maintain proper hierarchy and accountability
View Audit Logs (Global)
- Access full platform-wide audit logs
- Filter by user, action type, or entity
- Includes every create, update, and permission event
Platform Configuration (Planned)
- Enable or disable compliance frameworks (HIPAA, GDPR, etc.)
- Toggle authentication flows (SSO, magic link)
- Define platform-wide branding or billing behavior
Access Restrictions
| Role | Access to Admin Panel |
|---|---|
| Owner (RiskFlow) | Yes |
| MSP Super Admin | No |
| Org Admin | No |
| Vendor | No |
Operational Best Practices
- Review all new team registrations regularly
- Verify email domains and business names before approval
- Only change root users in confirmed edge cases
- Avoid assigning organizations to MSPs without written request