Settings¶
Organization settings control global configuration that applies across all workspaces, solutions, and users. Admins can customize the organization's identity, manage API keys, toggle feature flags, and configure platform behavior from a single settings page.
Organization Settings¶
General Settings¶
Configure the basic identity and defaults for your organization.
| Setting | Description |
|---|---|
| Organization Name | Display name shown in the UI, emails, and API responses (3-200 chars) |
| Organization Slug | URL-safe identifier used in API paths, e.g., acme-corp (3-100 chars, lowercase alphanumeric with hyphens) |
| Default Workspace | The workspace new users are added to by default |
| Contact Email | Primary contact email for platform notifications |
| Contact Phone | Optional support contact phone number |
| Billing Email | Email address for invoices and billing notifications (if different from contact email) |
| Industry | Industry classification for your organization (up to 100 chars) |
| Primary Domain | Primary email domain for your organization, used for SSO and domain-restricted invitations |
| Timezone | Default timezone for scheduling, reports, and dashboard displays |
Billing Address¶
| Setting | Description |
|---|---|
| Address Line 1 | Street address for invoicing |
| Address Line 2 | Suite, floor, or unit number |
| City | Billing city |
| State / Province | Billing state or province |
| Postal Code | Billing postal or ZIP code |
| Country | Billing country |
Navigate to Admin > Settings > General to edit these values.
Branding and Customization¶
Customize the platform's appearance to match your organization's identity. Branding settings apply to the web UI, email notifications, and exported reports.
| Setting | Description | Accepted Formats |
|---|---|---|
| Logo | Displayed in the top navigation and login page | SVG, PNG (max 2 MB, recommended 200x50 px) |
| Favicon | Browser tab icon | ICO, PNG, SVG (max 100 KB) |
| Primary Color | Main accent color for buttons, links, and highlights | Hex color (e.g., #2563eb) |
| Secondary Color | Secondary accent color used for badges and supporting UI elements | Hex color (e.g., #10b981) |
| Accent Color | Tertiary highlight color for alerts and call-to-action elements | Hex color (e.g., #f59e0b) |
| Font Family | UI font applied throughout the platform | Font name (e.g., Inter; max 100 chars) |
| Login Background | Background image or color for the login page | Image (max 5 MB) or hex color |
| Email Header | Custom header image for email notifications | PNG (max 1 MB, recommended 600x100 px) |
| Custom CSS | Additional CSS injected into the web UI | CSS text (max 50 KB) |
Navigate to Admin > Settings > Branding to upload assets and configure colors. A live preview shows changes before you save.
Branding availability
The Branding tab is only available for Service Provider organizations. Standard organizations use the default Manifest Platform branding.
API Key Management¶
API keys authenticate CLI tools, CI/CD pipelines, service accounts, and external integrations. Organization admins manage keys centrally, while individual users can manage their own personal keys.
Key Types¶
| Type | Scope | Use Case |
|---|---|---|
| Organization Key | Full organization access, scoped by the assigned role | CI/CD pipelines, infrastructure automation |
| Personal Key | Scoped to the creating user's permissions | Individual CLI usage, personal scripts |
| Service Account Key | Scoped to a service account's role assignments | Background jobs, inter-service communication |
API Key Fields¶
When creating a key, you configure:
| Field | Required | Description |
|---|---|---|
name |
Yes | Descriptive name for the key (1-100 chars), e.g., "GitHub Actions - Production" |
description |
No | Longer explanation of the key's purpose (up to 500 chars) |
scopes |
Yes | List of permission strings the key grants, e.g., ["workflow:execute", "connector:read"]. Use ["*:*"] for full access |
expires_at |
No | Expiration timestamp. Omit for a non-expiring key |
The full key value is returned once at creation and then never again. Only the key_prefix (first 8 characters) is shown in subsequent API responses or the UI.
Creating an API Key¶
- Go to Admin > Settings > API Keys
- Click Generate New Key
- Choose the key type (Organization, Personal, or Service Account)
- Enter a descriptive name (e.g., "GitHub Actions - Production Deploys")
- Set an expiration date (or choose "No expiration")
- Select the permission scopes to grant (e.g.,
workflow:execute,connector:read) - Click Create
- Copy the key immediately -- it will not be shown again
Key Rotation¶
Regularly rotating API keys reduces the blast radius of a compromised key.
Rotate API keys in Admin > Settings > API Keys by selecting a key and clicking Rotate. You can set a grace period during which both the old and new keys are valid.
Key security
- Store API keys in a secrets manager (e.g., Vault, AWS Secrets Manager), not in source code or environment files checked into Git.
- Use the narrowest possible role for each key.
- Set expiration dates. Keys without expiration are a security risk.
- Review the audit log for
auth.token.createdandauth.token.revokedevents to track key lifecycle.
Revoking a Key¶
Revoke a key immediately in Admin > Settings > API Keys by selecting the key and clicking Revoke. Revocation takes effect immediately.
Service Provider Settings¶
The Service Provider tab is available to all organizations and controls multi-tenant hosting configuration. Service Provider mode enables the organization to act as a platform host for other tenant organizations — with branding overrides, custom domain routing, and tenant lifecycle management.
Navigate to Admin > Settings > Service Provider to configure.
Workspace Management¶
Workspaces partition resources within your organization. Admins create and manage workspaces from the settings page.
Creating a Workspace¶
- Go to Admin > Users & Roles > Workspaces
- Click Create Workspace
- Enter a name and optional description
- Configure default settings (deployment rings, resource limits)
- Click Create
Workspace Fields¶
| Field | Required | Description |
|---|---|---|
name |
Yes | Display name (3-200 chars) |
slug |
No | URL-safe identifier (3-100 chars, lowercase alphanumeric with hyphens). Auto-generated from name if omitted |
description |
No | Purpose or scope of the workspace (up to 500 chars) |
status |
— | active, suspended, or archived. Managed by admins after creation |
Environments¶
Each workspace contains one or more environments (dev, staging, production) that control where solutions are deployed.
| Field | Required | Description |
|---|---|---|
name |
Yes | Display name for the environment (2-100 chars) |
slug |
No | URL-safe identifier (2-100 chars). Auto-generated if omitted |
tier |
Yes | One of: dev, stage, prod |
deployment_host |
No | Target host for deployments (up to 50 chars) |
aegis_cpu_limit |
No | CPU limit for hosted service containers (0.25–2.0 cores) |
aegis_ram_limit_mb |
No | Memory limit for hosted service containers (512–8192 MB) |
Security Policies¶
Configure organization-wide authentication and access policies.
| Setting | Description |
|---|---|
| Require MFA | When enabled, all users in the organization must complete multi-factor authentication to log in |
| Allow User Key Override | When enabled, users may supply their own LLM provider API keys, overriding the organization default |
Navigate to Admin > Settings > Security to configure these policies.
LLM Proxy Settings¶
Control how the platform routes AI model requests for your organization.
| Setting | Description |
|---|---|
| Self-managed LLMs | Allow workspaces to configure their own LLM provider credentials instead of using the platform default |
| Bring Your Own Key (BYOK) | Allow users or workspaces to supply API keys for LLM providers directly |
| Platform models | Enable access to models hosted by the platform (as opposed to user-supplied providers) |
| LiteLLM Proxy URL | URL of a self-hosted LiteLLM proxy that the platform forwards model requests to |
| LiteLLM API Key | Authentication key for the LiteLLM proxy (write-only; only the key prefix is shown after saving) |
Workspaces can optionally override the organization-level LiteLLM proxy URL and key with their own. See workspace settings.
Navigate to Admin > Settings > LLM to configure.
Gateway Trace Configuration¶
Control how the AI Gateway logs inference requests for observability and debugging.
| Setting | Description |
|---|---|
| Trace mode | One of: all (log every request), errors_only, sampled (log a percentage), none (disable tracing) |
| Trace sample rate | Fraction of requests to log when trace_mode is sampled (0.00–1.00). Defaults to 1.0 |
| Trace retention days | How many days trace data is retained before automatic deletion. Defaults to 30 |
Navigate to Admin > AI Gateway to configure.
Organization Banner¶
Display a persistent announcement banner to all users in the organization — useful for maintenance windows, policy changes, or important notices.
| Setting | Description |
|---|---|
| Enabled | Whether the banner is shown to users |
| Message | Banner text (up to 500 chars) |
| Variant | Visual style: info, warning, success, or error |
| Dismissible | Whether users can close the banner. Defaults to true |
Navigate to Admin > Settings > General to configure.
Notification Preferences¶
The platform sends email notifications for key events including user invitations, budget alerts, compliance violations, and deployment failures. Notification recipients are configured per feature (e.g., alert recipients on the billing dashboard, invitation emails through user management).