Internal Users: Admin Journeys
Overview
This document outlines the key user journeys for Platform Administrators who manage the PenguinMails platform. These journeys focus on system administration, user management, security, and platform configuration.
Purpose: Provide clear workflows for administrative users to efficiently manage platform operations.
User Profile: Platform Administrators
Primary Characteristics
- Full system access and configuration management
- Responsible for user management and tenant administration
- Implement security policies and compliance measures
- Manage system configuration and environment settings
- Technical expertise in platform administration
Common Tools & Systems
- Platform admin dashboard
- User management interface
- Security and compliance tools
- Analytics and monitoring systems
- Configuration management tools
Core Admin Journeys
Journey 1: User Management & Access Control
Feature Reference: Global User Management Route: /dashboard/users
Initial Setup
- Access Admin Dashboard
- Log into administrative interface (authenticated via
staff_memberstable) - Navigate to user management section
- Review current user base and access levels
- Log into administrative interface (authenticated via
- Create New User Accounts (Administrative Actions)
- Set up internal team member accounts
- Configure role-based access permissions
- Set up multi-factor authentication (Planned)
- Onboard External Users (Tenant Management)
- Process customer account approvals
- Configure customer-specific settings
- Set up billing and subscription information
- Establish communication preferences
Daily Operations
- Monitor User Activity (Audit Trail Viewer)
- Review login activity via PostHog analytics
- Identify unusual access patterns
- Monitor failed login attempts (Audit Trail)
- Check engagement metrics via PostHog (see Metrics Glossary)
- Manage Permissions (Change Role)
- Adjust access levels based on role changes
- Handle permission escalation requests
- Review and audit access rights
- Process user deactivation requests
Advanced Management
- Bulk User Operations (Planned - Q3 2026)
- Mass user updates and migrations
- Department restructuring and reassignments
- Access policy updates across user groups
- Data export and reporting
- See User Management Future Enhancements
- Compliance & Audit (Audit Trail)
- Generate access reports for compliance
- Review user activity logs
- Conduct permission audits
- Document security incidents
Journey 2: System Configuration & Environment Management
Feature Reference: Tenant Management Route: /dashboard/tenants
Environment Setup
- Initial Platform Configuration
- Configure basic platform settings
- Set up email domains and routing
- Establish deliverability settings
- Configure monitoring and alerting
- Feature Flag Management (Tenant Management)
- Enable/disable platform features
- Manage beta feature rollouts via Tenant Management
- Control feature access by user segments (percentage rollouts, allowlists)
Note: A/B testing and advanced experimentation uses PostHog.
Ongoing Configuration
- Performance Monitoring (System Monitoring)
- Monitor system performance via Prometheus/Grafana (planned for 2026 Spike; see Metrics Glossary)
- View queue health and job processing rates
- Check service availability and error rates
Note: Resource allocation, database optimization, and caching are DevOps operations and are Post-MVP for the Admin UI. See Operations Runbooks for infrastructure tasks.
- Integration Management (Roadmap - 2027)
- Third-party integration management planned post-internal API stabilization
- Current: API keys managed via Vault Management
- See Enterprise Roadmap for planned integration features
Journey 3: Security & Compliance Management
Feature Reference: Vault Management Route: /admin/secrets
Security Setup
- Access Control Implementation (User Management Access Control)
- Configure role-based access control (RBAC)
- Set up multi-factor authentication (Planned)
- Establish password policies
- Configure session management
- Data Protection (Vault Secrets)
- Configure data encryption settings
- Establish data retention policies
- Set up backup and recovery procedures
- Manage data classification
Ongoing Security Operations
- Threat Monitoring (Audit Log Viewer)
- Review security alerts and notifications
- Investigate suspicious activities
- Monitor failed authentication attempts
- Track unusual system access patterns
- Compliance Management
- Generate compliance reports
- Conduct security assessments
- Review and update security policies
- Manage security incident responses
Journey 4: Platform Monitoring & Analytics
Feature Reference: System Monitoring Routes: /dashboard/system/infrastructure,/dashboard/system/logs
Daily Monitoring
- System Health Dashboard (System Monitoring)
- Review overall system status
- Check critical service health
- Monitor resource utilization
- Review error rates and performance
- User Activity Analytics (PostHog + OLAP)
- Engagement metrics and feature adoption tracked via PostHog
- Admin audit logs available in OLAP admin_audit_log
- Customer satisfaction and support ticket trends via external tools (Zendesk, Intercom)
- See Enterprise Roadmap for enhanced analytics (Q1 2027)
Reporting & Insights
- Administrative Reporting
- Generate user growth reports
- Create system performance summaries
- Develop compliance documentation
- Prepare executive dashboards
- Problem Resolution
- Investigate system issues
- Troubleshoot user problems
- Coordinate with technical teams
- Document resolutions and solutions
Journey 5: Staff & Role Management
Feature Reference: User Management Route: /dashboard/users
Staff Offboarding
- Role Removal (Change Role)
- User Story: “I want to remove a penguinmails employee so I remove the roles.”
- Action: Navigate to Staff Management > Select Employee > Edit Roles > Remove all assigned roles.
- System Effect: Immediate invalidation of staff session tokens; user loses access to all admin routes.
- Verification: Attempt to access admin dashboard with the user’s credentials (should fail).
- Emergency Access Revocation (Revoke All Sessions)
- User Story: “A staff member’s device was compromised, and I need to revoke access immediately.”
- Action: Navigate to Staff Management > Select Employee > Click “Revoke All Sessions” > Click “Suspend Account”.
- System Effect: All active sessions are terminated; account status set to ‘Suspended’.
- Follow-up: Trigger security audit log review for the compromised user’s recent activity.
- Role Promotion/Demotion (Change Role)
- User Story: “A support agent has been promoted to a team lead and needs advanced user management permissions.”
- Action: Navigate to Staff Management > Select Employee > Edit Roles > Add ‘User Manager’ role.
- System Effect: User gains access to ‘Ban User’ and ‘Bulk Edit’ capabilities upon next login.
Journey 6: Financial Operations (Stripe-First)
Feature Reference: Finance Overview Route: /dashboard/finance
Payment Dispute & Stop Requests
- Dispute Verification (Tenant Billing)
- User Story: “I want to stop the payments for a specific tenant due to a legal dispute.”
- Action: Navigate to Tenant Details > Billing > Review current subscription status.
- Process: Create a “Billing Dispute” ticket in Jira/Support System assigned to the Finance Team.
- Finance Action: Finance team pauses subscription directly in Stripe Dashboard.
- System Effect: Stripe webhook updates tenant status to ‘Paused’ in PenguinMails.
- Payment Reconciliation (Subscription Monitoring)
- User Story: “I had a payment in tenant side he shows the stripe invoice but we dont show on our side so I want to confirm.”
- Action: Navigate to Finance Dashboard > Transaction Search > Enter Tenant ID.
- Verification: Click “View in Stripe” to compare local status with Stripe data.
- Resolution: If discrepancy found, escalate to Engineering via “Sync Issue” ticket (or use “Force Sync” if available).
- Refund Request Processing
- User Story: “A customer was double-charged due to a glitch, and I need to request a refund.”
- Action: Navigate to Tenant Details > Billing > Invoices > Verify duplicate charge.
- Process: Create “Refund Request” ticket including Invoice ID and reason (“Duplicate Charge”).
- Finance Action: Finance team issues refund in Stripe Dashboard.
- Completion: Support agent notifies customer once refund is confirmed in Stripe.
User Type Context
Key Pain Points
- Complex user permission management across large user base
- Balancing security with usability for different user types
- Managing platform configuration changes without service disruption
- Keeping up with compliance requirements and security threats
- Coordinating with multiple internal teams for system updates
Success Metrics
See Metrics Glossary for detailed definitions of success metrics.
- User Satisfaction: Admin users rate experience positively
- Security Compliance: 100% compliance with security policies
- System Uptime: Maintain high availability for admin functions
- Response Time: Quick resolution of user access issues
- Efficiency: Reduced time for common administrative tasks
Integration Points
With Other Internal Teams
- Technical Teams: Coordinate on system updates and feature deployments
- Customer Success: Handle escalations and customer account management
- Marketing: Manage marketing user accounts and campaign access
- Finance: Coordinate billing and subscription management
With External Systems
- Google Workspace: User authentication and directory integration
- Jira: Issue tracking and project management coordination
- CRM Systems: Customer account synchronization
- Analytics Platforms: User behavior tracking and reporting
Common Admin Workflows
Weekly Administrative Tasks
- User Account Review
- Review new user requests
- Process account modifications
- Conduct access audits
- Update permissions as needed
- System Health Check
- Review performance dashboards
- Check error rates and alerts
- Monitor resource utilization
- Update configuration settings
Monthly Administrative Tasks
- Security Review
- Conduct security assessments
- Review access logs and permissions
- Update security policies
- Generate compliance reports
- Platform Analytics
- Analyze user growth trends
- Review feature adoption metrics
- Generate usage reports
- Plan system improvements
Quarterly Administrative Tasks
- System Optimization
- Review and optimize platform performance
- Update configuration baselines
- Plan system upgrades and improvements
- Coordinate with technical teams on roadmap
- Compliance & Audit
- Conduct comprehensive security audits
- Review and update compliance documentation
- Generate executive reporting
- Plan compliance improvements
Related Documents
User Journeys:
Feature Documentation:
- Global User Management - User lookup, audit trails, account actions
- Finance Overview - Subscription monitoring, Stripe access
- System Monitoring - Infrastructure health, queues, logs
- Plan Management - Subscription plans and pricing
- Vault Management - Secrets and SSH key management
Route Specifications:
- Platform Admin Routes - Complete UI specification for admin dashboard
Technical Documentation:
- Admin Operations API - User and Tenant management endpoints
- Finance API - Subscription and billing endpoints
- System Monitoring API - Health check and metrics endpoints
- Vault API - Secrets management endpoints
Keywords: admin journeys, platform administration, user management, security, compliance, system configuration