Admin Management Workflow

RBAC-protected admin panel for managing the full investor lifecycle. Administrators review registrations, manage documents, monitor activity, and revoke access. Every action is logged in an immutable audit trail, and rate limiting is enforced.

Workflow diagram: Admin Login (RBAC authenticated) -> Dashboard (overview panel) -> four branches: Review Registrations (approve / reject), Manage Documents (upload / remove), Monitor Activity (view logs), Revoke Access (deactivate).

Audit trail: every action logged; user + timestamp; IP + action type; immutable records.

Rate limiting & security: RBAC role check; rate: 60 req/min; session timeout: 30m; IP allowlist.

RBAC permission matrix:

  Role         Registrations  Documents  Activity  Revoke
  Super Admin  Full           Full       Full      Full
  Moderator    View Only      Full       Full      None

Step-by-Step Guide

  1. Admin Login

    Authenticate with administrator credentials through the RBAC-protected login. Two-factor authentication is required. The system checks the admin's role (Super Admin or Moderator) and applies the corresponding permission set.

  2. Dashboard Overview

    The admin dashboard displays key metrics: pending registrations count, active investors, expiring magic links, and recent activity. Quick-action cards provide one-click access to the four management branches.

  3. Review Registrations (Approve / Reject)

    View pending investor registrations in a filterable table. Inspect each applicant's details, verify their identity and firm affiliation, then approve to trigger magic link generation or reject with an automated decline email.

  4. Manage Documents (Upload / Remove)

    Upload, organize, and remove investor-facing documents such as pitch decks, business plans, and financial projections. Set tier-based access controls on each document to restrict visibility by investor access level.

  5. Monitor Activity (View Logs)

    View real-time activity logs showing investor logins, document views, link clicks, and session durations. Filter by investor, date range, or action type. Identify suspicious patterns such as repeated failed access attempts.

  6. Revoke Access (Deactivate)

    Instantly revoke an investor's access by deactivating their account. This invalidates all active sessions and magic links immediately. The investor receives a notification email and must be re-approved to regain access.

  7. Audit Trail & Rate Limiting

    Every admin action is recorded in an immutable audit trail with the admin's identity, timestamp, IP address, and action details. Rate limiting (60 requests/minute) and session timeouts (30 minutes) protect against abuse.
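
The permission matrix and the audit record described above, as an added example that is not the product's own code. It assumes "View Only" means read access and "Full" means read and write, and it uses a SHA-256 hash chain as one way to make log tampering detectable (the page does not say how immutability is achieved). All function and class names are hypothetical.

```python
import hashlib
import json

# Permission matrix from the page; the level names are the page's own.
MATRIX = {
    "Super Admin": {"registrations": "Full", "documents": "Full",
                    "activity": "Full", "revoke": "Full"},
    "Moderator": {"registrations": "View Only", "documents": "Full",
                  "activity": "Full", "revoke": "None"},
}
# Assumption: "View Only" permits reads only, "Full" permits reads and writes.
ALLOWED = {"Full": {"read", "write"}, "View Only": {"read"}, "None": set()}


def is_allowed(role, area, op):
    """Deny by default: unknown roles, areas or levels grant nothing."""
    level = MATRIX.get(role, {}).get(area, "None")
    return op in ALLOWED.get(level, set())


def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditTrail:
    """Append-only log; each record carries the hash of the previous one."""

    def __init__(self):
        self.records = []

    def append(self, user, timestamp, ip, action, allowed):
        prev = self.records[-1]["hash"] if self.records else "0" * 64
        body = {"user": user, "timestamp": timestamp, "ip": ip,
                "action": action, "allowed": allowed, "prev": prev}
        self.records.append({**body, "hash": _digest(body)})

    def verify(self):
        """True only if every record links to its predecessor and matches its hash."""
        prev = "0" * 64
        for rec in self.records:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if rec["prev"] != prev or rec["hash"] != _digest(body):
                return False
            prev = rec["hash"]
        return True


def perform(trail, user, role, ip, timestamp, area, op):
    """Check the matrix, then log the attempt whether or not it was allowed."""
    ok = is_allowed(role, area, op)
    trail.append(user, timestamp, ip, f"{area}:{op}", ok)
    return ok
```

Logging denied attempts alongside allowed ones is what lets the activity view surface repeated failed access. A hash chain alone does not detect truncation of the newest records, so the latest hash should also be stored somewhere the admin panel cannot write.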