Admin Dashboard Overview & Authentication

Last updated: February 6, 2026
Admin Tools

Admin Dashboard Overview & Authentication

Overview

The Sampo Admin Dashboard provides comprehensive monitoring and management capabilities for the multi-deployment job board platform. This guide covers all major features, navigation patterns, and operational procedures.

Key Features

  • System Health Monitoring: Real-time status of all system components
  • Performance Analytics: Metrics, error tracking, and performance trends
  • User Analytics: User behavior, engagement, and deployment-specific insights
  • CI/CD Monitoring: Build status, accessibility compliance, and deployment tracking
  • Feature Flag Management: Toggle features across deployments
  • Multi-Deployment Support: Unified management of BlueLine, BrassKey, and Demo environments

Getting Started

Prerequisites

Before accessing the admin dashboard, ensure you have:

  1. Admin User Account: Account with admin role permissions
  2. Two-Factor Authentication: 2FA must be enabled on your account
  3. Admin Monitoring Permissions: AdminMonitoringGuard validation
  4. VPN Access: Required for production environment access (if applicable)

Initial Access

  1. Login: Navigate to `/auth/login` and authenticate with your admin credentials
  2. 2FA Verification: Complete two-factor authentication when prompted
  3. Dashboard Access: Navigate to `/admin` to access the admin panel

Authentication & Security

Required Authentication

All admin endpoints require three levels of security:

1. JWT Authentication

  • Valid bearer token must be present in Authorization header
  • Tokens expire after configured duration (typically 15 minutes)
  • Refresh tokens used for seamless re-authentication

2. Role-Based Access Control (RBAC)

  • User account must have `admin` role
  • Role verification happens on every request
  • Insufficient permissions result in 403 Forbidden errors

3. Two-Factor Authentication (2FA)

  • 2FA verification required for all admin operations
  • Time-based one-time passwords (TOTP) support
  • Backup codes available for recovery

Security Headers

All admin requests include security headers:

```http Authorization: Bearer <jwt-token> X-Deployment-ID: <deployment-id> # Optional for deployment-specific operations ```

Session Management

  • Auto-refresh: JWT tokens refresh automatically before expiration
  • Session timeout: Inactive sessions expire after 30 minutes
  • Multi-tab support: Sessions maintained across multiple browser tabs
  • Secure logout: Proper token invalidation on logout

Was this article helpful?

Your feedback helps us improve our support content.

Still need assistance?

Our support team is ready to help you with more complex issues.

Contact Support