A walk through the admin console at https://<tenant>-<org>.<your-domain>/admin. Sign in with a tenant admin account; you'll land on the Dashboard.
The left sidebar groups everything you can do. Top to bottom:
Dashboard
Section titled “Dashboard”The first thing you see. KPIs across the last 24 hours — sign-ins, failures, MFA prompts, new users — plus a recent-activity feed, an alerts strip, and the current MFA-distribution donut. Auto-refreshes (30s / 1m / 5m / off; pick from the dropdown at the top right). The Dashboard topic covers each tile.
Applications
Section titled “Applications”Every OAuth/OIDC client your team has registered against this tenant lives here. SPAs, M2M backends, native apps, server-side apps, SAML SP integrations — all the same list, filtered by type. From here you create, edit, rotate secrets, disable, delete. See Applications overview.
The user records inside this tenant. Search, filter, view a single user's full record (profile, MFA factors, group memberships, recent sessions, sign-in history). Admin operations: reset password, force MFA reset, disable, delete, bulk import. See Users overview.
Roles & scopes
Section titled “Roles & scopes”Roles map to groups + capabilities. Roles assign to users in bulk. The roles surface is in flight on the new framework as of this writing — some features are operational; some still show a "wiring in flight" notice. See Roles overview.
Authentication
Section titled “Authentication”Where you configure how users sign in. Password rules, email OTP, magic links, social providers (Google / GitHub / Microsoft / Apple), enterprise SSO connections (OIDC / SAML). See Authentication overview.
Multi-factor enforcement. Off / optional / required, by user / group / risk. Adaptive step-up. Custom factors (a tenant-defined factor with your own name + icon, on top of the standard WebAuthn/TOTP/SMS). See MFA overview.
Flows & Actions
Section titled “Flows & Actions”The custom-logic surface. A Flow is a sign-in or registration pipeline; an Action is a piece of JavaScript that runs at a specific point inside that flow. "Reject users from a banned email domain", "decorate the token with a custom claim", "alert ops on admin sign-in" — all Actions. See Flows overview.
Branding
Section titled “Branding”What the sign-in page looks like. Logo, colours, custom CSS, email templates. See Branding overview.
Every action in this tenant lands here. Search, filter, export. Configure streaming to your SIEM (webhook, Splunk, Datadog, Elastic). See Audit overview.
Threat intelligence
Section titled “Threat intelligence”Threat feeds the platform uses to score sign-in risk. FireHOL, Tor exit nodes, AbuseIPDB, and custom URL feeds you control. Test an IP against the feeds in one click. See Threat overview.
Reports
Section titled “Reports”A catalogue of pre-built reports — security, identity, applications, operations, compliance, plus custom ones you build. See Reports overview.
Integrations
Section titled “Integrations”Where you connect external services: SMTP for transactional email, and the rest as the platform wires them in. See Integrations overview.
Settings
Section titled “Settings”Tenant-wide knobs. Authentication policy, password policy, session policy. See Authentication policy.
Manuals
Section titled “Manuals”Operator runbooks — the things you do once a quarter and want a checklist for. MFA recovery, bulk user migration, diagnosing failed-login spikes. See Manuals.
Top right of every page: a global search (cmd-K), your account menu, and the tenant switcher if your organisation runs more than one tenant. The footer has links to status, support, and the changelog.
Get the feel for one section by opening it — most lists support filter + sort + bulk operations. Most detail pages have an audit summary along the bottom showing the last few changes to that record.