System Administration

Administration Overview

The administration interface provides tools for managing user accounts, system settings, and organizational configurations. This control panel manages your phishing simulation platform while maintaining security and compliance standards across your organization.

User profile management interface

User Profile Management Options
Section	Description
Account Details	Modify username, display name, and other account information
Password Security	Update account password with automatic session invalidation
Multi-Factor Authentication	Enable TOTP authenticators. Recommended for all accounts
API Access Management	Configure API tokens for programmatic access and integration with external systems

Multi-Factor Authentication Setup

Multi-factor authentication (MFA) provides a security layer by requiring verification beyond your password. This reduces the risk of unauthorized access and helps protect phishing simulation data and administrative functions.

Multi-factor authentication setup interface

Complete MFA setup by scanning the QR code with your authenticator app (such as Google Authenticator, Authy, or Microsoft Authenticator) and entering the generated verification code.

Important: After setup, you will receive backup recovery codes. Store these codes securely as they provide account access if your authenticator device becomes unavailable.

API Key Management

API key generation and management interface

Generate and manage API keys for programmatic access to Phishing Club functionality. These keys enable automation, integration with external systems, and custom application development.

Note: API documentation will be available with the general availability release. Current early access provides basic API functionality for testing and development.

Session Management

Session management provides oversight of all active login sessions for your account. Each login creates a unique session that maintains your authentication state. This interface enables monitoring of concurrent access, identification of unauthorized sessions, and session termination.

Phishing Club - Sessions — Active sessions overview

Session Information Display
Field	Description
IP Address	Source IP address associated with the session
Current Session Indicator	Indicator showing which session corresponds to your current browser connection

User Account Management

User management enables creation, modification, and oversight of user accounts within your Phishing Club instance. This approach ensures access control, maintains accountability, and provides audit trails for user activities and system interactions.

Best Practice: Maintain individual accounts for each administrator to preserve audit trails, enable access control, and support compliance requirements.

Phishing Club - Users — User administration interface

Force immediate logout for specific users by utilizing the Delete all sessions function, which invalidates all active sessions.

Creating Administrative Users

Phishing Club - Create user — User creation interface

User Account Configuration
Field	Description and Requirements
Display Name	Name for user identification in interfaces, reports, and audit logs
Email Address	Email address for user identification, notifications, and password recovery
Username	Login identifier for authentication. Should follow organizational naming conventions
Initial Password	Randomly generated password for initial account access. Users should change this upon first login

Multi-Tenant Organization Management

Organization management enables creation and administration of separate company entities within your Phishing Club instance. This multi-tenant architecture ensures data isolation, statistics tracking, and security awareness programs tailored to each client organization's requirements and compliance needs.

Phishing Club - Companies — Multi-tenant organization administration

Data Export Management

Export organizational data for backup, compliance, or migration purposes. Use Export Shared to download all global and shared resources that are available across multiple organizations within your instance.

Phishing Club - Export company action — Organization data export options

Access organization-specific data exports through the Actions menu for individual companies, enabling data extraction while maintaining data isolation and privacy controls.

Creating New Organizations

Phishing Club - Create company — Organization creation interface

Organization Configuration
Field	Description and Usage
Organization Name	Identifier for the client organization, used for data isolation, reporting, and administration within the multi-tenant environment

Organization Context Switching

Navigate between different client organizations using the Change Company function to switch your working context. This enables administrators to manage multiple organizations while maintaining data isolation and access controls.

Phishing Club - Switch companies — Organization switching interface

Phishing Club - Change company — Organization selection dialog

The currently active organization context is displayed in the top navigation menu, showing which organization's data and campaigns you are currently managing:

Phishing Club - Current company — Current organization context indicator

Global System Settings

Global system settings provide control over platform-wide configurations.

Phishing Club - Settings — System settings interface

System Configuration Categories
Category	Configuration Options and Impact
Single Sign-On Integration	Configure SSO authentication with Microsoft 365
General System Settings	Configure upload limits and repeat offender thresholds
System Logging	Adjust logging verbosity levels for troubleshooting, performance monitoring, and technical support
Data Import/Export	Manage data operations including imports. The import format is the export format of Templates project
Backup	Create an backup or download a backup.

Bulk Data Import System

The import system enables import of assets, landing pages, email templates, and other resources from external sources or other Phishing Club instances.

Download a example import file to understand the required structure: Phishing Club Import Example.zip

Import Process

Data import steps:

File Upload: Select and upload your structured .zip file using the import form interface
Context Selection: Choose whether to import data into the current organization context or apply globally across all organizations

Required File Structure

Import files must follow a specific directory structure for processing and resource organization:

assets/ - Global assets directory containing shared resources available across all templates and campaigns
Template Directories - Named folders containing data.yaml configuration files with the following subdirectories:
- assets/ - Template-specific multimedia resources
- pages/ - HTML landing page files for user interaction
- emails/ - Email template content and designs

Template Configuration File

Each template directory requires a data.yaml configuration file that defines the template structure, content relationships, and metadata for import processing:

name: "Professional Template Name"
pages:
  - name: "Landing Page Name"
    file: "pages/landing.html"
emails:
  - name: "Email Template Name"
    file: "emails/template.html"
    envelope from: "[email protected]"
    from: "Display Name <[email protected]>"
    subject: "Compelling Email Subject Line"

Import Processing and Validation

The import system validates and processes the following components:

Global Assets: Shared resources from the root assets directory
Template Assets: Component-specific multimedia and supporting files
Landing Pages: HTML pages with embedded tracking capabilities
Email Templates: Phishing simulation content and designs

Import Results Summary

Upon completion, the system provides an import summary detailing:

Created Items: New resources successfully added to the platform
Updated Items: Existing resources modified with new content or settings
Skipped Items: Unchanged resources that already exist in the current state
Error Reports: Information about any processing failures or validation issues

Enterprise Single Sign-On Configuration

Phishing Club - Single Sign-On — Single Sign-On configuration interface for Microsoft Azure integration

Configure Single Sign-On integration with Microsoft Azure Active Directory to streamline user authentication and leverage existing organizational identity management infrastructure.

Azure Application Registration

Begin SSO configuration by registering a new application in your Microsoft Azure portal to establish the authentication relationship between Phishing Club and your organization's identity provider.

Phishing Club - SSO - Azure app registration — Azure application registration interface

Configure the Redirect URI field with your Phishing Club instance URL: your-domain.tld/api/v1/sso/entra-id/auth. This URL can be copied from the SSO setup modal.

Extract the authentication identifiers from Azure and input them into Phishing Club:

Copy the Application (client) ID and paste into the Client ID field
Copy the Directory (tenant) ID and paste into the Tenant ID field

Phishing Club - SSO - Azure app client and tenant id — Azure application overview showing client and tenant identification

Create authentication credentials by clicking Add a certificate or secret to generate the authentication token required for API communication between systems.

Generate a new client secret and copy the displayed Value into the Secret field in Phishing Club. Important: This value is only displayed once and cannot be retrieved later.

Complete the SSO configuration by clicking Enable SSO to activate authentication integration. Users will now be able to authenticate using their organizational Microsoft 365 credentials to access Phishing Club.