public active Last verified 2026-04-28

Topolo Admin

Public overview of the administrative interface used for org, user, service, and audit management across the Topolo platform.

Owners
platform-admin
Source Repos
PlatformApplications/TopoloAdmin, PlatformApplications/TopoloDocs
Systems
Topolo Admin, Topolo Auth
Tags
admin, auth, organizations

What It Is

Topolo Admin is the operator-facing administrative UI for platform-wide organization, user, service, permission, and audit workflows.

Architecture

The app is a React-based browser surface that depends on Topolo Auth for identity and authorization while presenting role-aware admin workflows for platform-admin and organization-admin users. Legacy Admin routes for developer review queues and support now act only as handoff screens into their owning applications.

Runtime Surfaces

The primary host is https://admin.topolo.app.

API Reference

Topolo Admin is primarily a UI surface over Auth-backed admin routes. Use /systems/topolo-admin together with the Auth references for the current runtime and admin API families.

Authenticated admins can set a user password directly from the admin UI without using the public email-token recovery flow. Eligible admins can delete users directly from the admin UI. Standard deletion removes access and hides the user from normal admin reads, while super-admin permanent deletion is reserved for full erase cases. Organization deletion is a soft-delete workflow that immediately suspends org-user access, blocks org-scoped service authorization, and keeps the org available for later restore or retention-based purge. Super admins can also surface deleted organizations in the admin UI and restore them when needed. Org admins can create organization-specific custom roles, start them from an existing org role template, decide which applications belong to each role, and manage each role’s per-application permission bundle inside their own organization rather than relying on one fixed global role set for every tenant. Org admins can also manage per-user launchable application access within the set of apps already enabled for the organization. Apps included for the whole org remain enabled for everyone, while seat-based apps can be assigned or unassigned per user only when the org still has available seats. Auth remains the source of truth for seat usage and role-based preset suggestions. Super admins can also manage assignments from the application side by opening a service and assigning or revoking it for selected organizations, every active organization, selected eligible users, or every eligible user. User-level assignment remains bounded by the organization’s app entitlement. Organization service assignment separates launchable applications from technical services such as APIs, runtimes, and internal support services using Auth catalog metadata.

Auth and Permissions

Topolo Admin uses Auth-issued bearer or session context and enforces role-based access for platform-admin and org-admin operations. Platform-wide actions are reserved to Auth platform_super_admin and platform_admin users in the admin organization; org-scoped super_admin users stay scoped to their own org in the browser UI. Browser login URL construction and callback-code redemption run through the shared Topolo Auth client rather than Admin-owned handoff or exchange paths. That org-scoped tier remains elevated over normal members: same-org owners, org super admins, and admins can still manage organization settings, user security, sessions, and user-level permission workflows without receiving platform-wide controls. The browser keeps a same-tab Auth token restore by default after sign-in and refresh, so a normal reload should return to the Admin workspace rather than appearing signed out while cookie refresh catches up.

Data Ownership

Topolo Admin owns the administrative browser experience. Topolo Auth remains the source of truth for users, orgs, services, permissions, and audit records. That includes per-user application access overrides layered on top of org-level app access. It also includes the app-centric assignment UI; Admin owns target selection and bulk grant/revoke actions while Auth owns persisted organization-service relationships and user-service access evaluation. Developer review queues now live in Topolo Developers, and support workflow now lives in Topolo Support.

Deployments

Topolo Admin deploys as a browser application that fronts the centralized Auth admin APIs.

Failure Modes

  • stale admin role or session context
  • UI drift from current Auth admin route families
  • org-scoped actions incorrectly treated as platform-wide actions

Debugging

Start with /systems/topolo-admin for the current host and service metadata, then verify the corresponding Auth admin route family.

Change Log / Verification

  • Corrected authenticated Admin shell content padding on 2026-04-28 so audit log details and sibling workspace pages use the same tighter spacing from the shared sidebar and top chrome.
  • Enabled same-tab browser session restore by default on 2026-04-23 so Admin reloads remain signed in after successful Auth handoff or refresh.
  • Recast Admin onto the explicit platform-role model on 2026-04-24 so only Auth platform_super_admin and platform_admin users in the admin org render platform-admin actions and global datasets.
  • Restored elevated org-admin handling on 2026-04-24 so same-org owners, org super admins, and admins keep org-scoped settings, security, session, and permission-management access after platform-only UI is removed.
  • Corrected app-centric assignment management on 2026-04-22 so service rows navigate through the Admin router and assigned organizations or users can be selected for revoke actions.
  • Segmented organization service assignment by service surface on 2026-04-23 so application access and technical capability access are easier to manage separately.
  • Added app-centric organization and user assignment management on 2026-04-22.
  • Delegated Admin login URL construction and callback-code redemption to the shared Topolo Auth client on 2026-04-18.
  • Re-homed developer review queues and support workflow out of Admin on 2026-04-13 so the old Admin routes now hand operators off to the owning applications instead of fronting duplicate queue logic
  • Added organization-scoped custom-role management on 2026-04-10 so org admins can create org-specific roles and tailor each role’s service permissions inside the admin UI
  • Clarified org-role bundle management on 2026-04-10 so org admins can explicitly add or remove applications from a role and seed new custom roles from existing org-role templates before tailoring permissions
  • Converted per-user application access to the seat-assignment model on 2026-04-26 so org admins can assign or unassign seat-based apps inside their own org while org-included apps remain enabled for everyone.
  • Added per-user application access management on 2026-04-10 so org admins can narrow which org-enabled applications a user can launch and apply role-based preset suggestions from Auth
  • Corrected the Admin browser favicon rollout on 2026-04-07 so the live application now points at the new brand icon set instead of continuing to rely on the older cached ICO path
  • Added canonical Topolo Admin coverage and retired repo-local admin docs on 2026-03-30
  • Verified the direct admin password-set workflow on 2026-03-31
  • Verified the admin user-delete workflow and soft-delete visibility rules on 2026-03-31
  • Verified the distinction between soft delete and permanent user purge on 2026-03-31
  • Verified that org soft-delete immediately suspends org-user access and hides deleted orgs from normal Admin reads on 2026-03-31
  • Verified that super admins can surface and restore soft-deleted organizations on 2026-03-31
  • Verified that the Admin add-user form starts with blank email and password fields instead of inheriting login autofill on 2026-04-03