Skip to main content
This guide is for the first administrator of an enterprise or managed-cloud Overlay deployment.

First admin

The first admin is normally granted by the deployment operator or by the One-Command Install bootstrap script. If you need to grant it manually, use the admin helper:
This creates an administrative_principal record and records the grant in the audit log.

Grant and revoke principals

Admins can list, grant, and revoke administrative principals through the admin API.
Request bodies:
Valid roles are admin, auditor, billing_admin, and support.

Read audit events

Auditors and admins can list audit events:
Use action, actorUserId, resourceType, and before filters to narrow results.

Manage budgets

Admins and billing_admin can read usage and adjust budgets:
Budget adjustments create administration.budget.adjust audit events.

Checklist

Before handing the deployment to end users:
  • The first admin is granted and has signed in.
  • Additional admin roles are granted and documented.
  • Audit logging is enabled and reachable.
  • Usage and budget controls are understood by the finance/IT contact.
  • The Enterprise Security Launch Checklist is complete.