Administration Hub

System configuration, user management, and security settings. Superadmin only.

Access

Admin Portal → Administration (sidebar)

Required role: Superadmin

Regular admins cannot access this hub.

Four cards for administrative functions:

User Management

Manage users, accounts, and access.

Roles & Permissions

Configure roles and permission levels.

System Settings

System-wide configuration and preferences.

Audit Logs

Activity logs and HIPAA compliance tracking.

User Management

Click “User Management” card.

User List

Table shows all users:

  • Email
  • Role (admin, staff, referrer)
  • Status (active, inactive)
  • Last login
  • Actions menu

Add User

Click “Add User” button (top right).

Form fields:

  • Email (required)
  • Full name
  • Role: admin, staff, or referrer
  • Status: active or inactive

Roles:

  • Admin: Full access to all features
  • Staff: View/edit patients and forms
  • Referrer: View-only access

The user receives an email invitation to set up their account.

Edit User

Click 3-dot menu → Edit.

Change role, name, or status.

Cannot change email (tied to Keycloak account).

Deactivate User

Click 3-dot menu → Deactivate.

User loses access immediately.

The user's audit log entries are all preserved.

Can be reactivated later.

Delete User

Click 3-dot menu → Delete.

Warning: Permanent action. Cannot be undone.

User removed from Keycloak.

Audit logs preserved (required for HIPAA).

Use deactivate instead of delete unless absolutely necessary.

Roles & Permissions

Click “Roles & Permissions” card.

Role Definitions

Three built-in roles:

Admin:

  • All patient operations
  • Start intakes, review submissions
  • Generate AI summaries
  • User management
  • View audit logs
  • System settings

Staff:

  • Add/edit patients
  • Assign forms
  • Review submissions
  • Generate AI summaries
  • No user management
  • No audit log access

Referrer:

  • View patients (read-only)
  • View submissions (read-only)
  • No editing
  • No user management

Permission Matrix

Table shows what each role can do:

  • View patients: All roles
  • Edit patients: Admin, Staff
  • Delete patients: Admin only
  • View submissions: All roles
  • Edit submissions: Admin, Staff
  • Generate AI summaries: Admin, Staff
  • User management: Admin only
  • Audit logs: Admin only

Custom Roles

Currently not supported.

Only built-in roles available.

Custom roles planned for future version.

System Settings

Click “System Settings” card.

General Settings

Clinic Information:

  • Clinic name
  • Address
  • Phone
  • Email

Timezone:

  • Set timezone for timestamps
  • Affects audit logs and scheduling

Session Timeout:

  • Auto-logout after inactivity
  • Default: 15 minutes
  • Range: 5-60 minutes

Security Settings

Password Policy:

  • Minimum length (default: 12)
  • Require uppercase
  • Require lowercase
  • Require numbers
  • Require special characters

Two-Factor Authentication:

  • Require 2FA for all users
  • Require 2FA for admins only
  • Optional (recommended)

IP Whitelist:

  • Restrict access to specific IP addresses
  • Add IP ranges for clinic network
  • Empty = allow all IPs

Integration Settings

LM Studio (AI summaries):

  • Enable/disable AI features
  • LM Studio URL (default: localhost:1234)
  • Model selection
  • CORS settings

Email:

  • SMTP server settings
  • From address
  • Email templates

SMS:

  • Twilio credentials
  • Phone number
  • SMS templates

Backup Settings

Automatic Backups:

  • Frequency (daily, weekly)
  • Retention period
  • Backup location (Neon handles this)

Manual Backup:

  • Click “Backup Now” to create snapshot
  • Download backup to local machine

Audit Logs

Click “Audit Logs” card.

Log Table

Every action tracked:

  • Timestamp
  • User (who did it)
  • Action (what they did)
  • Resource (patient, form, etc.)
  • Resource ID
  • IP address
  • Result (success/failure)

Filters

By user: Select user from dropdown

By date range:

  • Today
  • Last 7 days
  • Last 30 days
  • Custom range

By event type:

  • PHI_ACCESS (viewed patient/submission)
  • PHI_CREATED (added patient)
  • PHI_UPDATED (edited patient)
  • PHI_DELETED (deleted patient)
  • USER_LOGIN
  • USER_LOGOUT
  • SYSTEM_SETTINGS_CHANGED

By resource:

  • Patients
  • Forms
  • Submissions
  • Users
  • Settings

Search box filters logs by:

  • User email
  • Resource name
  • Action description
  • IP address

Export Logs

Click “Export” button.

Options:

  • CSV format
  • JSON format
  • Date range selection
  • Filter selection

Use cases:

  • HIPAA compliance audits
  • Security investigations
  • Activity reports for management
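For the security-investigation use case, a JSON export can be triaged with a short script. This is an added example, not IntakePilot's own code: the export keys (user, event_type, ip, result), the clinic range, and the failed-login threshold are assumptions, since this page does not document the export schema. Only the event type names come from the filter list above.

```python
import ipaddress
import json
from collections import Counter

# Assumed clinic range (RFC 5737 documentation block); substitute your own.
CLINIC_NETS = [ipaddress.ip_network("203.0.113.0/24")]
PHI_EVENTS = {"PHI_ACCESS", "PHI_CREATED", "PHI_UPDATED", "PHI_DELETED"}
ALWAYS_REVIEW = {"PHI_DELETED", "SYSTEM_SETTINGS_CHANGED"}
FAILED_LOGIN_THRESHOLD = 3  # assumed: failures per (user, IP) in one export

def _ev(user, event_type, ip, result="success"):
    # Assumed export keys; adjust to match a real export file.
    return {"user": user, "event_type": event_type, "ip": ip, "result": result}

# Constructed sample export, not real log data.
SAMPLE_EXPORT = json.dumps([
    _ev("staff@clinic.example", "PHI_ACCESS", "203.0.113.10"),
    _ev("referrer@clinic.example", "PHI_ACCESS", "198.51.100.7"),
    _ev("admin@clinic.example", "PHI_DELETED", "203.0.113.5"),
    _ev("admin@clinic.example", "USER_LOGIN", "198.51.100.9", "failure"),
    _ev("admin@clinic.example", "USER_LOGIN", "198.51.100.9", "failure"),
    _ev("admin@clinic.example", "USER_LOGIN", "198.51.100.9", "failure"),
    _ev("admin@clinic.example", "SYSTEM_SETTINGS_CHANGED", "203.0.113.5"),
])

def in_clinic(ip):
    """True if ip parses and falls inside a clinic range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # missing or malformed address counts as outside
    return any(addr in net for net in CLINIC_NETS)

def review(export_json):
    """Return (finding, user, detail) tuples worth a human look."""
    findings, failed = [], Counter()
    for e in json.loads(export_json):
        etype, user, ip = e.get("event_type"), e.get("user"), e.get("ip", "")
        if etype in ALWAYS_REVIEW:
            findings.append(("sensitive_action", user, etype))
        if etype in PHI_EVENTS and not in_clinic(ip):
            findings.append(("phi_outside_clinic", user, ip))
        if etype == "USER_LOGIN" and e.get("result") == "failure":
            failed[(user, ip)] += 1
    for (user, ip), n in failed.items():
        if n >= FAILED_LOGIN_THRESHOLD:
            findings.append(("repeated_login_failure", user, f"{ip} x{n}"))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_EXPORT):
        print(*finding, sep="\t")
```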

Log Retention

Logs kept for 7 years (HIPAA requirement).

Cannot be deleted by users.

Automatically archived after 1 year (slower to access but preserved).

Log Details

Click any log entry to see full details:

  • Complete event data
  • Request headers
  • Response status
  • Changed fields (for updates)
  • Error messages (if failed)

Back Navigation

Every subpage has a “Back” button that returns to the Administration menu.

From there, use the sidebar or Home to navigate elsewhere.

Security Notes

The Administration hub is the most sensitive area.

Best practices:

  • Limit superadmin access to 1-2 trusted users
  • Regular admins should not be superadmins
  • Review audit logs weekly
  • Enable 2FA for all admins
  • Use IP whitelist if possible

URL

https://intakepilot.com/admin (select Administration from sidebar)