System Administration

Administration Overview

The administration interface provides comprehensive tools for managing user accounts, system settings, and organizational configurations. This centralized control panel enables effective governance of your phishing simulation platform while maintaining security and compliance standards across your organization.

Figure: User profile management interface showing account settings and security options

User Profile Management Options

| Section | Description |
|---|---|
| Account Details | Modify username, display name, and other personal account information for user identification |
| Password Security | Update account password with automatic session invalidation for enhanced security |
| Multi-Factor Authentication | Enable additional security layers using TOTP authenticators. Strongly recommended for all accounts |
| API Access Management | Configure API tokens for programmatic access and automation integration with external systems |

Multi-Factor Authentication Setup

Multi-factor authentication (MFA) provides an essential security layer by requiring additional verification beyond your password. This significantly reduces the risk of unauthorized access and helps protect sensitive phishing simulation data and administrative functions.

Figure: Multi-factor authentication setup interface with QR code and verification options

Complete MFA setup by scanning the QR code with your authenticator app (such as Google Authenticator, Authy, or Microsoft Authenticator) and entering the generated verification code to confirm proper configuration.

Important: After successful setup, you will receive backup recovery codes. Store these codes securely as they provide account access if your primary authenticator device becomes unavailable.

API Key Management

Figure: API key generation and management interface for programmatic access configuration

Generate and manage API keys for programmatic access to Phishing Club functionality. These keys enable automation, integration with external systems, and custom application development while maintaining secure authentication protocols.

Note: Comprehensive API documentation will be available with the general availability release. Current early access provides basic API functionality for testing and development purposes.

Session Management

Session management provides comprehensive oversight of all active login sessions for your account. Each successful login creates a unique session that maintains your authentication state. This interface enables monitoring of concurrent access, identification of unauthorized sessions, and selective or bulk session termination for enhanced security control.

Figure: Active sessions overview showing connection details and management controls

Session Information Display

| Field | Description |
|---|---|
| IP Address | Source IP address associated with the session, enabling identification of connection location and potential security concerns |
| Current Session Indicator | Visual indicator showing which session corresponds to your current browser connection, preventing accidental self-logout |

User Account Management

Administrative user management enables creation, modification, and oversight of individual user accounts within your Phishing Club instance. This centralized approach ensures proper access control, maintains accountability, and provides comprehensive audit trails for all user activities and system interactions.

Best Practice: Maintain individual accounts for each administrator to preserve detailed audit trails, enable granular access control, and support compliance requirements for security operations.

Figure: Comprehensive user administration interface with account management and security controls

To force an immediate logout for a specific user, use the Delete all sessions function, which invalidates all of that user's active sessions.

Creating Administrative Users

Figure: User creation interface with account details and security configuration options

User Account Configuration

| Field | Description and Requirements |
|---|---|
| Display Name | Human-readable name for user identification in interfaces, reports, and audit logs |
| Email Address | Unique email address for user identification, notifications, and password recovery functions |
| Username | Unique login identifier for authentication. Should follow organizational naming conventions for consistency |
| Initial Password | Secure randomly generated password for initial account access. Users should change this upon first login for security |

Multi-Tenant Organization Management

Available in Security Provider and Enterprise editions

Organization management enables creation and administration of separate company entities within your Phishing Club instance. This multi-tenant architecture ensures complete data isolation, independent statistics tracking, and customized security awareness programs tailored to each client organization's specific requirements and compliance needs.

Figure: Multi-tenant organization administration with data isolation and management controls

Data Export Management

Export comprehensive organizational data for backup, compliance, or migration purposes. Use Export Shared to download all global and shared resources that are available across multiple organizations within your instance.

Figure: Organization-specific data export options and controls

Access organization-specific data exports through the Actions menu for individual companies, enabling targeted data extraction while maintaining proper data isolation and privacy controls.

Creating New Organizations

Figure: Organization creation interface for multi-tenant environment setup

Organization Configuration

| Field | Description and Usage |
|---|---|
| Organization Name | Unique identifier for the client organization, used for data isolation, reporting, and administrative organization within the multi-tenant environment |

Organization Context Switching

Navigate between different client organizations using the Change Company function to switch your working context. This enables administrators to manage multiple organizations while maintaining proper data isolation and access controls.

Figure: Organization switching interface for multi-tenant navigation

Figure: Organization selection dialog for context switching

The currently active organization context is prominently displayed in the top navigation menu, ensuring clear awareness of which organization's data and campaigns you are currently managing:

Figure: Current organization context indicator in navigation interface

Global System Settings

Global system settings provide centralized control over platform-wide configurations, security policies, and operational parameters. These settings affect all users and organizations within your Phishing Club instance and require careful consideration to maintain optimal system performance and security standards.

Figure: Comprehensive system settings interface with security and operational controls

System Configuration Categories

| Category | Configuration Options and Impact |
|---|---|
| License Management | Update license keys, modify edition features, and manage subscription settings for platform functionality |
| General System Settings | Configure upload limits, define repeat offender thresholds, and set operational parameters for optimal system performance |
| Single Sign-On Integration | Configure SSO authentication with Microsoft 365 and other enterprise identity providers for streamlined access management |
| Data Import/Export | Manage bulk data operations including imports from other Phishing Club instances and migration utilities |
| System Logging | Adjust logging verbosity levels for troubleshooting, performance monitoring, and technical support requirements |

Bulk Data Import System

The bulk import system enables efficient migration of assets, landing pages, email templates, and other resources from external sources or other Phishing Club instances. This powerful feature streamlines content deployment and facilitates rapid platform setup with pre-built simulation components.

Download a comprehensive example import file to understand the required structure: Phishing Club Import Example.zip

Import Process

Follow these steps for successful data import:

  1. File Upload: Select and upload your properly structured .zip file using the import form interface
  2. Context Selection: Choose whether to import data into the current organization context (Security Provider edition) or apply globally across all organizations

Required File Structure

Import files must follow a specific directory structure for successful processing and proper resource organization:

  • assets/ - Global assets directory containing shared resources available across all templates and campaigns
  • Template Directories - Named folders containing data.yaml configuration files with the following subdirectories:
    • assets/ - Template-specific multimedia resources
    • pages/ - HTML landing page files for user interaction
    • emails/ - Email template content and designs

Template Configuration File

Each template directory requires a data.yaml configuration file that defines the template structure, content relationships, and metadata for proper import processing:

name: "Professional Template Name"
pages:
  - name: "Landing Page Name"
    file: "pages/landing.html"
emails:
  - name: "Email Template Name"
    file: "emails/template.html"
    envelope from: "[email protected]"
    from: "Display Name <[email protected]>"
    subject: "Compelling Email Subject Line"
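
A pre-upload check for the directory structure and data.yaml layout described above, as an added example (not Phishing Club's own import code). It assumes template directories sit at the top level of the archive beside assets/, uses a regular expression in place of a YAML parser to pull out the file: entries, and the names check_import_zip, unsafe and make_zip are hypothetical helpers.

```python
import io
import re
import zipfile
from pathlib import PurePosixPath

# `file:` entries in data.yaml, as in the example above (quotes optional).
FILE_REF = re.compile(r'^\s*(?:-\s*)?file:\s*["\']?([^"\'\n]+?)["\']?\s*$', re.M)

def unsafe(path: str) -> bool:
    """True for absolute paths, backslashes, or '..' segments (zip-slip)."""
    p = PurePosixPath(path)
    return p.is_absolute() or "\\" in path or ".." in p.parts

def check_import_zip(data: bytes) -> list:
    """Return problems found in an import archive; an empty list means it passed."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
        problems += [f"unsafe path: {n}" for n in names if unsafe(n)]
        safe = [n for n in names if not unsafe(n)]
        # Assumption: every top-level directory except the global assets/ is a template.
        templates = {n.split("/")[0] for n in safe if "/" in n} - {"assets"}
        for t in sorted(templates):
            if f"{t}/data.yaml" not in safe:
                problems.append(f"{t}: missing data.yaml")
                continue
            text = zf.read(f"{t}/data.yaml").decode("utf-8", "replace")
            for ref in FILE_REF.findall(text):
                top = PurePosixPath(ref).parts[:1]
                if unsafe(ref) or top not in (("pages",), ("emails",)):
                    problems.append(f"{t}: reference leaves pages/ or emails/: {ref}")
                elif f"{t}/{ref}" not in safe:
                    problems.append(f"{t}: referenced file missing: {ref}")
    return problems

def make_zip(files: dict) -> bytes:
    """Build an in-memory archive from {path: text}; used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, text in files.items():
            zf.writestr(path, text)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample: data.yaml points outside the template directory.
    cfg = 'name: "T"\npages:\n  - name: "P"\n    file: "../other/secret.html"\n'
    print(check_import_zip(make_zip({"assets/logo.png": "", "tpl/data.yaml": cfg})))
```

Running the check on archives received from third parties before import catches path-traversal entries and dangling file references without unpacking anything to disk.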

Import Processing and Validation

The import system comprehensively validates and processes the following components:

  • Global Assets: Shared resources from the root assets directory
  • Template Assets: Component-specific multimedia and supporting files
  • Landing Pages: Interactive HTML pages with embedded tracking capabilities
  • Email Templates: Personalized phishing simulation content and designs

Import Results Summary

Upon completion, the system provides a comprehensive import summary detailing:

  • Created Items: New resources successfully added to the platform
  • Updated Items: Existing resources modified with new content or settings
  • Skipped Items: Unchanged resources that already exist in the current state
  • Error Reports: Detailed information about any processing failures or validation issues

Enterprise Single Sign-On Configuration

Figure: Enterprise Single Sign-On configuration interface for Microsoft Azure integration

Configure enterprise Single Sign-On integration with Microsoft Azure Active Directory to streamline user authentication and leverage existing organizational identity management infrastructure for enhanced security and user experience.

Azure Application Registration

Begin the SSO configuration process by registering a new application in your Microsoft Azure portal to establish the authentication relationship between Phishing Club and your organization's identity provider.

Figure: Azure application registration interface for establishing SSO authentication parameters

Configure the Redirect URI field with your Phishing Club instance URL: your-domain.tld/api/v1/sso/entra-id/auth. This exact URL can be copied from the SSO setup modal for accuracy and consistency.

Extract the required authentication identifiers from Azure and input them into Phishing Club:

  • Copy the Application (client) ID and paste into the Client ID field
  • Copy the Directory (tenant) ID and paste into the Tenant ID field

Figure: Azure application overview showing client and tenant identification information

Proceed to create authentication credentials by clicking Add a certificate or secret to generate the secure authentication token required for API communication between systems.

Figure: Azure certificates and secrets interface for authentication credential generation

Generate a new client secret and immediately copy the displayed Value into the Secret field in Phishing Club. Important: This value is only displayed once and cannot be retrieved later.

Figure: Azure client secret configuration with secure credential generation

Complete the SSO configuration by clicking Enable SSO to activate enterprise authentication integration. Users will now be able to authenticate using their organizational Microsoft 365 credentials for seamless access to Phishing Club.