Admin Getting Started
This guide walks you through the initial setup of your Tegendo.AI organization, from inviting your first users to configuring security policies and model access.Admin dashboard overview
The admin dashboard is accessible to users with the Admin role. Navigate to Settings in the sidebar to access it. The dashboard is organized into the following sections:| Section | Description |
|---|---|
| Members | Manage users, roles, and invitations |
| Teams | Organize users into groups with shared permissions |
| Models | Configure which AI models are available and set defaults |
| Skills | Create and manage organization-wide skills |
| Integrations | Connect external tools and services |
| Security | Configure SSO, data retention, and audit settings |
| Billing | Manage your subscription and view usage |
Initial setup checklist
Follow this checklist to get your organization production-ready:Configure SSO
Set up Single Sign-On with your identity provider (Okta, Azure AD, Google Workspace, etc.) to streamline authentication and enforce your security policies.Set up SSO
Set model policies
Choose which AI models your organization can access and set a default model. You can restrict specific models by role or team.Configure model policies
Invite members
Invite your team via email or SCIM provisioning. Assign roles to control access levels.
Create teams
Organize members into teams. Teams can have their own model policies, default agents, and access controls.
Configure data retention
Set how long conversation data is retained based on your compliance requirements.Configure data retention
Set up integrations
Connect Google Workspace, Slack, Confluence, and other tools your team uses.Set up integrations
Create organization skills
Build skills that encode your company’s standards, conventions, and best practices.Create skills
Review security settings
Enable audit logging, configure IP allowlists, and review the security overview.Security overview
Inviting members
Email invitations
- Go to Settings > Members
- Click Invite Members
- Enter one or more email addresses (comma-separated)
- Select a role for the invited users
- Click Send Invitations
Bulk import
For large teams, use the CSV import feature:- Click Import CSV in the Members tab
- Upload a CSV with columns:
email,role,team - Review the preview and click Import
SCIM provisioning
If you’ve configured SCIM with your identity provider, users are automatically provisioned when added to the assigned group in your IdP. See the SSO and SCIM guide for setup instructions.Roles
Tegendo.AI uses role-based access control with the following built-in roles:| Role | Capabilities |
|---|---|
| Admin | Full access to all settings, members, billing, and security configuration |
| Manager | Can manage teams, create organization agents and skills, view analytics |
| Member | Standard access to chat, agents, skills, and projects |
| Viewer | Read-only access to shared conversations and published agents |
Setting up model policies
Model policies control which AI models are available to your organization and how they are used.- Go to Settings > Models
- For each model, configure:
- Enabled/Disabled — Whether the model is available
- Default — Set one model as the default for new conversations
- Role restrictions — Restrict access to specific roles (e.g., only Admins can use Opus)
- Rate limits — Set per-user or per-team usage limits
Model availability also depends on your subscription plan. Enterprise plans include access to all models. See Billing for plan details.
Configuring feature flags
Admins can toggle platform features for their organization:| Feature | Description | Default |
|---|---|---|
| Conversation sharing | Allow users to share conversations with teammates | Enabled |
| File uploads | Allow file attachments in chat | Enabled |
| Personal skills | Allow users to create their own skills | Enabled |
| Agent creation | Allow non-admin users to create agents | Disabled |
| Web search | Enable web search tool in conversations | Enabled |
| API access | Allow programmatic access via the API | Disabled |
Security settings
Quick-access security configurations available in the admin dashboard:- Enforce SSO — Require all users to authenticate via SSO (disables password login)
- Session timeout — Set the idle session timeout duration (default: 24 hours)
- IP allowlist — Restrict access to specific IP ranges
- Audit logging — Enable comprehensive audit logging (enabled by default)
- Data retention — Configure automatic data deletion schedules