Admin Console
The Auris Console is a web-based administration panel for managing every aspect of your Auris IAM tenant. It provides full control over applications, users, roles, security policies, branding, and audit logs — all without requiring direct database access or familiarity with the underlying Keycloak administration interface.
The Console runs as a separate application from the Auris API. By default, it is available at port 3003. In production deployments, it is typically served at an internal or admin-only subdomain (for example, admin.yourdomain.com).
Note: The Console requires an administrator account to access. The initial admin user is created during tenant setup. Subsequent administrator accounts can be created by any existing user with the
manage:userspermission and the Administrator role assigned.
Dashboard
When you log in to the Console, you land on the main dashboard. This page gives an at-a-glance view of the health and activity of your tenant.
Stat Cards
The top row displays four key metrics:
| Metric | Description |
|---|---|
| Total Users | Number of active user accounts in the tenant |
| Active Sessions | Number of valid, non-expired user sessions right now |
| Applications | Number of registered application clients |
| Recent Activity | Count of audit log events in the last 24 hours |
Recent Activity Feed
Below the stat cards, a feed shows the ten most recent audit events. Each entry displays:
- The action type (for example,
user.login,role.permission_changed) - The actor who performed the action (user email or
systemfor automated events) - The target resource (user ID, application name, etc.)
- A relative timestamp (for example, “3 minutes ago”)
Click any activity entry to open the full log detail in a side panel.
Quick Actions
The dashboard includes a set of quick action links to the most common administrative tasks:
- Create a new user
- Create a new application
- Create a new role
- View all audit logs
- Configure authentication settings
Sidebar Navigation
The sidebar on the left side of the Console organizes all administrative sections. The navigation is grouped by function:
Applications
Manage the OAuth 2.0 client applications registered in your tenant. Create, configure, and delete applications. View credentials, configure URIs, set token lifetimes, and manage custom JWT claims.
See Applications.
Users
Browse and manage user accounts. Create users, assign roles, view sessions, disable accounts, and trigger password resets or email verifications.
See Users & Roles.
Roles
Define roles and configure their permissions. The role permission editor covers 10 permission categories with individual Switch toggles per permission.
See Users & Roles.
Authentication
Configure which authentication methods are available for your tenant: social providers, magic links, SMS OTP, MFA enforcement, session policies, and password policy.
Branding
Customize the hosted login page and email templates with your logo, colors, and company name.
See Branding.
Organizations
Manage B2B organizations — groups of users with their own membership roles, invitations, and enterprise SSO connections.
See Organizations.
Actions
Create custom JavaScript hooks that execute during authentication flows (pre-login, post-login, pre-signup, etc.) to implement custom business logic.
See Actions Engine.
Logs
View and filter the complete audit log for your tenant. Stream logs to external systems (Webhook, S3, Datadog, Splunk).
See Logs & Compliance.
Settings
Three settings sections are accessible from the sidebar:
- SMTP: Configure the outbound email server for transactional emails
- Security: IP rules, brute-force protection, suspicious login detection, CAPTCHA, and rate limiting
- Tenant: General tenant configuration, import/export, and custom domains
Developer Hub
Tools for developers working with the Auris API: API Explorer, Token Decoder, Sandbox, CLI reference, SDK reference, Quickstarts, and documentation links.
First-Time Setup
If you have just deployed Auris and are logging in to the Console for the first time, complete these steps to configure your tenant before integrating your first application.
Create your first Application
Go to Applications in the sidebar and click Create Application. Choose the application type that matches your project (Web for browser apps, Mobile for native apps, API for resource servers, M2M for server-to-server). Copy the Client ID — you will need it for your SDK configuration.
For step-by-step configuration details, see Applications.
Configure authentication methods
Go to Authentication in the sidebar. Enable at least one authentication method:
- Email/password is enabled by default
- Enable Social Login if you want to offer Google, GitHub, or other providers
- Enable Magic Links for passwordless email authentication
- Configure your Password Policy to match your organization’s security requirements
For full configuration reference, see Authentication Settings.
Create roles and permissions
Go to Roles in the sidebar and click Create Role. Create roles that match the access levels in your application (for example: Admin, Editor, Viewer). Open each role’s detail page and enable the permissions that role should have.
For details on the permission model, see Users & Roles.
Customize branding
Go to Branding in the sidebar. Upload your company logo, set your primary color, and enter your company name. Changes appear immediately in the live preview panel and will be reflected on the hosted login page.
For full branding options, see Branding.
Configure email sending
Go to Settings → SMTP. Enter the credentials for your outbound email server (host, port, username, password, sender address). Use the Send Test Email button to verify delivery before going to production.
(Optional) Set up custom domain
If you want your hosted login pages to appear under your own domain (for example, auth.yourdomain.com), go to Settings → Custom Domains, add your domain, follow the DNS verification instructions, and set it as the primary domain.
See Branding — Custom Domains for full instructions.
Section Reference
Register and configure OAuth 2.0 client applications. Manage credentials, redirect URIs, token settings, custom JWT claims, and M2M scopes.
ApplicationsManage user accounts and role-based access control. Create users, assign roles, view sessions, and configure granular permissions per role.
Users & RolesCustomize hosted login pages and email templates with your logo, colors, company name, and custom domain configuration.
BrandingEnable and configure social providers, passwordless methods, MFA enforcement, session policies, and password requirements.
Authentication SettingsConfigure IP allow/block lists, brute-force protection, suspicious login detection, CAPTCHA integration, and rate limiting.
Security SettingsManage B2B organizations with member roles, invitation workflows, and per-organization enterprise SSO connections.
OrganizationsWrite custom JavaScript hooks that execute at key points in the authentication flow to implement business rules, enrich tokens, or block logins.
Actions EngineView and filter the complete audit log. Stream logs to external systems. Export data for compliance and GDPR requests.
Logs & Compliance