Overview
The Super Admin is a special privileged account with unrestricted access to the Enterprise Stack. Unlike regular accounts, Super Admins cannot be created via the API—they can only be activated using a pre-configured token.
Key Characteristics
| Aspect | Description |
|---|---|
| Creation | Activated via token (not created via API) |
| Configuration | Defined in superadmin-registration.conf |
| Permissions | Bypasses all permission checks (full access) |
| Scope | Global access across all organizations and tenants |
Super Admin Privileges
The Super Admin has unrestricted access to:
- All organizations and tenants
- All enterprise services
- All administrative operations
- All API endpoints
The Super Admin bypasses the entire RBAC permission system. No allow or deny rules apply to Super Admin accounts.
When to Use Super Admin
| Appropriate Use | Avoid Using For |
|---|---|
| Initial system setup | Day-to-day operations |
| Emergency recovery | Routine administration |
| Creating initial admin accounts | Automated processes |
| Troubleshooting access issues | Production API calls |
Security Recommendations
The Super Admin should be used sparingly and with caution due to its unrestricted access.
| Recommendation | Rationale |
|---|---|
| Use only for initial setup | Create regular admin accounts for ongoing administration |
| Protect credentials | Store Super Admin credentials securely, separate from other secrets |
| Monitor usage | Review audit logs for Super Admin activity |
| Avoid in automation | Never use Super Admin credentials in automated scripts or CI/CD |
| Consider disabling | In highly secure environments, disable after initial setup |
Configuration
The Super Admin is configured in superadmin-registration.conf, which must be provided alongside other Enterprise API configuration files. This file defines:
- Super Admin email address
- Super Admin password
- Activation token
See Configure Super Admin Accounts for configuration details.
Get Started
- Configure Super Admin - Set up the configuration file
- Activate Super Admin - Activate the account using the token
- Authenticate - Log in and obtain a session token
Last updated on May 6, 2026