Admin Panel Overview

Your SaaS needs a back-office from day one. SaasKitFy includes a complete admin panel so you never have to SSH into a server to manage users or change settings. From the moment you deploy, you have a full-featured control center for your platform -- user management, billing configuration, feature flags, system health, and more -- all accessible through a clean web interface.

Why This Matters

Without an admin panel, every operational task becomes an engineering ticket. A customer needs to be suspended? Someone opens a terminal and runs a database query. A setting needs to change? A developer edits a config file and redeploys. This does not scale. With SaasKitFy's admin panel, non-technical team members can handle day-to-day operations, and developers can focus on building product instead of running ad-hoc scripts.

Access Control: Two Roles, Separated by Design

The admin panel uses two global roles that are completely independent of organization roles. A super_admin is not automatically a member of any organization, and an organization owner has no admin panel access unless explicitly granted a global role.

super_admin -- Full Access

Super admins have unrestricted read and write access to every admin feature. They can manage users, change platform settings, modify billing plans, toggle feature flags, and delete organizations. This role is intended for founders, CTOs, and senior operations staff who need complete control over the platform.

support_agent -- Read-Only Access

Support agents can view all admin data -- users, organizations, audit logs, settings -- but cannot modify anything. This is critical for scaling your support team safely.

When to Use the Support Agent Role

As your SaaS grows, you will hire customer support staff who need to investigate issues: look up a user's account, check their organization's subscription status, or review audit logs to understand what happened. Without a read-only role, you would either have to give them full admin access (risky) or make engineers handle every support request (slow and expensive). The support_agent role lets your support team investigate and answer customer questions without any risk of accidentally suspending a user, changing a setting, or deleting data.

Routing and Middleware

All admin routes are prefixed with /admin and protected by two middleware layers:

Middleware: auth:sanctum, role:super_admin|support_agent
  • Read routes (GET) -- accessible by both super_admin and support_agent
  • Write routes (POST, PUT, PATCH, DELETE) -- restricted to super_admin only

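This means the read-vs-write distinction is enforced globally by the middleware, so individual controller methods do not need their own permission checks for it. Because the split is keyed on the HTTP method, it holds only as long as every state-changing admin action is routed through POST, PUT, PATCH, or DELETE and never through GET.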
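One way the read/write split described above could be enforced in a single middleware, shown as an added example rather than SaasKitFy's own code. It assumes Laravel with Sanctum and a hasRole()/hasAnyRole() API on the user model such as spatie/laravel-permission provides; the class name EnforceAdminReadWriteSplit and the alias admin.rw are hypothetical.

```php
<?php
// Added illustration, not SaasKitFy source. Assumes a spatie/laravel-permission
// style hasRole()/hasAnyRole() on the authenticated user. The class name and the
// 'admin.rw' alias used below are hypothetical.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class EnforceAdminReadWriteSplit
{
    /** Methods treated as reads; every other verb is treated as a write. */
    private const READ_METHODS = ['GET', 'HEAD'];

    /** Global roles allowed into /admin at all. */
    private const ADMIN_ROLES = ['super_admin', 'support_agent'];

    public function handle(Request $request, Closure $next): Response
    {
        $user = $request->user();

        // Deny by default: no authenticated user or no global role, no access.
        if ($user === null || ! $user->hasAnyRole(self::ADMIN_ROLES)) {
            abort(403);
        }

        // Allowlist the read verbs instead of blocklisting write verbs, so an
        // unexpected or newly introduced method is handled as a write.
        $isRead = in_array($request->getMethod(), self::READ_METHODS, true);

        if (! $isRead && ! $user->hasRole('super_admin')) {
            abort(403, 'Read-only role: write access requires super_admin.');
        }

        return $next($request);
    }
}

// Registration in a routes file, with 'admin.rw' aliased to the class above:
//
//   Route::prefix('admin')
//       ->middleware(['auth:sanctum', 'role:super_admin|support_agent', 'admin.rw'])
//       ->group(function () { /* admin routes */ });
```

A feature test that sends one GET and one DELETE to an admin route as each role, and expects 200/403 for support_agent and 200/200 for super_admin, keeps this matrix from regressing when routes are added.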

Controllers by Purpose

The admin panel is powered by 14 controllers, organized into four functional groups:

User and Organization Management

  • AdminUserController -- search, view, suspend, unsuspend, delete users, assign global roles, and impersonate accounts for debugging
  • AdminOrganizationController -- list, view, and delete organizations along with all their associated data
  • AdminRoleController -- manage global roles and permissions (super_admin, support_agent)
  • AdminOrgRoleController -- define organization role templates (owner, admin, member) and their default permissions

Billing and Plans

  • AdminPlanController -- create, update, and archive subscription plans (free, starter, pro, enterprise), set pricing, define feature limits, and sync with Stripe
  • AdminUsageController -- view platform-wide usage metrics, identify organizations approaching their plan limits, and monitor consumption trends

Platform Configuration

  • AdminSettingsController -- manage 150+ platform-wide settings across categories: authentication methods, billing gateways, mail drivers, storage backends, branding, SEO, and more
  • AdminEmailTemplateController -- customize transactional email templates (welcome emails, password resets, invoices) with variables, preview, and test send
  • AdminFeatureFlagController -- create and manage feature flags with targeting rules (by plan, organization, user, or percentage rollout)

Monitoring and Operations

  • AdminDashboardController -- platform statistics, growth charts, signup velocity, and a quick-glance overview of system health
  • AdminAuditLogController -- view, search, and filter the complete audit trail of every significant action on the platform
  • AdminQueueController -- monitor background job queues, view failed jobs, retry or delete them, and check worker status
  • AdminHealthController -- system health checks for database, Redis, mail, storage, and Stripe connectivity
  • AdminCacheController -- view cache statistics, flush specific cache tags, or clear the entire cache when needed

Settings Architecture

The admin panel exposes 150+ configurable settings organized by category. All settings are persisted to the database via the AppSetting model, which means changes take effect immediately without any code changes or redeployment. When a super admin updates a setting in the admin panel, it is written to the app_settings table and the application reads the new value on the next request.

Settings categories include authentication (enable/disable OAuth providers, MFA requirements), billing (Stripe keys, tax configuration, trial periods), mail (SMTP credentials, sender addresses), storage (S3/R2 bucket configuration), branding (app name, logo, primary colors, support email), and many more. Each setting has a type (string, boolean, integer, JSON), a default value, and validation rules.

Frontend

The React frontend includes dedicated admin pages at /admin/* with their own layout, separate from the organization dashboard. The admin layout includes a sidebar navigation organized by the same four groups listed above, a top bar showing the current admin user, and breadcrumb navigation. Admin routes are protected on the frontend by checking the user's global role before rendering -- if a non-admin user tries to access /admin, they are redirected to their organization dashboard. This frontend check governs what is rendered; access to admin data itself is enforced on the server by the /admin middleware described under Routing and Middleware.