Docs/Platform Admin Guide
Platform Admins

Platform Admin Guide

Tenant management, user administration, billing plans, audit logs, feature flags, and platform health monitoring.

Overview

JMS is a multi-tenant platform where each tenant is an organisation operating one or more academic journals. As a platform admin you sit above all tenants: you provision organisations, enforce quotas, manage billing plans, monitor security events, and control platform-wide behaviour.

RoleScopeCapabilities
platform_adminEntire platformFull access to all admin pages
tenant_adminOne tenantManages users and settings within their org
tenant_super_userOne tenantElevated tenant-level permissions, no billing access
editorTenant journalManages submissions, assigns reviewers
reviewerTenant journalReviews assigned manuscripts
authorTenant journalSubmits and tracks manuscripts
Platform admins operate exclusively through the /admin section of the UI. Tenant staff never see this area.

Getting started

  1. 1
    Navigate to /login and sign in with your platform admin credentials.
  2. 2
    You are redirected to /admin — the Admin Dashboard.
  3. 3
    The dashboard shows platform-wide stats: active tenants, total users, submissions in the last 30 days, and current queue depth.
To add a second platform admin, go to Platform Admins (/admin/platform-admins) and click Invite Admin. Keep the number of platform admins small — every action is recorded in the audit log.

Tenant management

Creating a tenant

  1. 1
    Open Tenants (/admin/tenants) and click New Tenant.
  2. 2
    Fill in the required fields (see table below).
  3. 3
    Click Create. The system provisions the tenant, seeds default journal settings, and sends the owner invite.
FieldDescription
nameDisplay name for the organisation
slugURL-safe identifier (e.g. oxford-press) — immutable after creation
planBilling plan to attach at creation
owner_emailEmail of the first tenant_admin; receives an invite immediately

Suspending a tenant

On the Tenant Detail page, click Suspend. Suspended tenants cannot log in and all API calls return 403. Data is retained. To reinstate, click Unsuspend.

Suspension is immediate. Notify the tenant admin before acting unless the suspension is for a security incident.

User management

  • Searching users/admin/users searches across all tenants. Filter by email, name, tenant, or role.
  • Editing roles — in the User Drawer, use the Roles tab. Role changes apply immediately and are logged.
  • Disabling a user — toggle Active off in the User Drawer. The user's JWT is invalidated within 60 seconds.
Removing tenant_admin from the last admin of a tenant leaves it without an administrator. Assign a replacement before removing the current admin.

Billing & plans

Plan quotas

Plans are defined at Plans Config (/admin/plans). A value of 0 means unlimited.

PlanSubmissionsJournalsMembersStorageAI screenings
Free1015500 MB0
Starter1003255 GB50
Professional1,0001010050 GB500
EnterpriseUnlimitedUnlimitedUnlimitedUnlimitedUnlimited
When a tenant hits a quota, BillingService.checkLimit throws a QuotaExceededException. The tenant admin sees a clear error message.

Managing subscriptions

Subscriptions (/admin/subscriptions) shows each tenant's current plan, renewal date, and payment status. You can upgrade or downgrade a plan, apply a custom override quota, or cancel a subscription (tenant moves to Free tier at period end).

Security & audit

Audit log

Audit Logs (/admin/audit-logs) records every state-changing action platform-wide.

FieldDescription
timestampUTC time of the event
actorRefUser or system that performed the action
actionVerb (e.g. tenant.suspended, user.role_changed)
resourceTypeEntity type (Tenant, User, Submission, …)
resourceIdPrimary key of the affected record
diffJSON showing before/after field values

Suspicious activity

Suspicious Activity (/admin/suspicious-activity) surfaces automated alerts such as repeated failed logins from the same IP, unusual login geography, and bulk-download patterns. Review each alert and dismiss or act (disable user, block IP at nginx layer).

Platform operations

  • General Settings (/admin/general-settings) — default timezone, allowed email domains, session timeout, maximum upload size.
  • API Keys (/admin/api-keys) — manage machine-to-machine keys. Always scope to minimum required permissions. Rotate immediately if compromised.
  • Maintenance Mode (/admin/maintenance) — all tenant routes return 503 with a configurable message. Admin routes remain accessible.
  • Mail queue — JMS uses BullMQ (Redis-backed) for all outbound email. Jobs retry up to 3 times with exponential backoff.
Enabling maintenance mode affects every tenant simultaneously. Use the Announcements feature to warn tenants in advance.

Feature flags & announcements

  • Feature Flags (/admin/feature-flags) — enable or disable features for specific tenants or the entire platform. Takes effect immediately with no deployment required.
  • Announcements (/admin/announcements) — broadcasts messages to tenant admins as banners. Set an expiry date so banners auto-dismiss.

Monitoring & health

ServiceWhat is checked
PostgresConnection pool, query latency
RedisPing latency, memory usage
S3 storageBucket reachability, write test
Mail queueBullMQ worker active, queue depth

Green = within threshold. Yellow = degraded (elevated latency). Red = unreachable.

Troubleshooting

Tenant admin cannot log in

  1. 1
    Check Login History for recent attempts — confirm the correct email is being used.
  2. 2
    Verify the tenant is not suspended (Tenant Detail page).
  3. 3
    Verify the user account is active (User Drawer → Active toggle).
  4. 4
    If a JWT issue is suspected, ask the user to clear cookies and retry.

Emails not arriving

  1. 1
    Open Health and verify mail queue is green.
  2. 2
    Check the BullMQ dead-letter queue for the specific job.
  3. 3
    Confirm SMTP credentials in environment config are current.
  4. 4
    Check spam folders — SPF/DKIM misconfiguration causes silent delivery failures.

A tenant hit a quota unexpectedly

  1. 1
    Open Tenant Detail and compare current usage to plan limits.
  2. 2
    Check the audit log for recent bulk imports or unusual activity.
  3. 3
    If the quota is legitimately too low, upgrade the plan or apply a one-off override in Subscriptions.

Webhook events not firing

  1. 1
    Check the audit log for the relevant action — confirm the event was recorded.
  2. 2
    Verify the tenant's webhook URL is reachable from the JMS server.
  3. 3
    Check the event delivery log for HTTP error codes from the destination.