🔧 Admin Guide
Complete guide for administrators managing EasySign.
Accessing the Admin Panel
Access the admin panel via:
- Sidebar link "Admin Panel" (visible to admin users only)
- Direct URL:
/admin/
Dashboard
The admin dashboard shows:
- Total users, documents, and organizations
- Revenue statistics
- Recent audit logs
- System health indicators
User Management
Navigate to Admin → Users
User Actions
| Action | Description |
|---|---|
| Edit | Change user details, role, or plan |
| Change Plan | Upgrade/downgrade subscription |
| Ban/Unban | Block user access |
| Delete | Permanently remove user |
| Login As | Impersonate user for debugging |
User Roles
- user - Standard user
- org_admin - Organization administrator
- admin - System administrator (full access)
Organization Management
View and manage all organizations:
- See member counts and usage
- Edit organization details
- Delete organizations (cascades to members)
Subscription Management
Navigate to Admin → Subscriptions
Subscription Actions
- View Details - See subscription status
- Extend - Add days to subscription
- Cancel - End subscription immediately
- Change Plan - Upgrade/downgrade
Manual Payments
Navigate to Admin → Payments
When users pay via bank transfer:
- User uploads payment proof
- Review the proof image
- Click "Approve" to activate their subscription
- Or "Reject" with a reason
Invoice Management
View all generated invoices:
- Filter by status (paid, pending, failed)
- Download invoice PDFs
- Mark invoices as paid manually
Security Settings
Navigate to Admin → Security Settings
Login Security
- Max Login Attempts - Failed attempts before blocking
- Block Duration - How long to block after max attempts
- Session Timeout - Auto-logout after inactivity
Password Policy
- Minimum Length - Required password length
- Complexity - Weak/Medium/Strong requirements
Two-Factor Authentication
- MFA Enforced - Require all users to set up MFA
Blocking Rules
Block access by:
- IP Address - Block specific IPs
- Email - Block specific email addresses
- Domain - Block entire email domains
Tool Access Control
Navigate to Admin → Tool Access
Control which plans can access which PDF tools:
- Enable/disable tools per plan
- Limit usage counts
Global Settings
Configure application-wide settings:
Branding
- App Name
- Logo (light and dark versions)
- Favicon
- Brand Color
Email (SMTP)
- SMTP Host, Port, Security
- SMTP Username and Password
- From Email Address
Business Settings
- Bank Details (for manual payments)
- Company Name (for invoices)
- Company Address
- Tax ID/TIN
Vulnerability Scanner
Navigate to Sidebar → Security Scanner
ISO 27001 compliant vulnerability management:
- View all installed technologies and versions
- Check for known CVEs
- Get upgrade recommendations
- Track security score
Ad Settings
Configure ads for free users:
- Enable/disable ad system
- Google AdSense configuration
- Custom image/video ads
- Bonus documents for watching ads
Audit Logs
All user actions are logged:
- Login/logout events
- Document actions
- Setting changes
- Security events
Logs include timestamp, user, IP address, and action details.
Document Management
View all documents across all users:
- Search by filename or owner
- Filter by status
- View document details
- Delete if necessary
Privacy Note: Admin document access is logged in the audit trail for compliance.
Best Practices
- Regularly review audit logs for suspicious activity
- Run the vulnerability scanner weekly
- Keep PHP and composer packages updated
- Use strong passwords and enable MFA
- Backup the database regularly
- Monitor disk space for uploads folder