User Guide — IT Administrator
As an IT Administrator, you manage system configuration, user access, SSO integration, AI model setup, and security settings.
Your Responsibilities
| Area | Tasks |
|---|---|
| User Management | Create users, assign roles, manage permissions |
| SSO / Identity | Configure Keycloak SSO integration |
| AI Configuration | Set up AI model providers (Ollama, Gemini, OpenAI) |
| Security | Manage encryption keys, audit logs, data retention |
| Integrations | Configure API keys, connectors, webhooks |
| Billing | Manage subscription and usage |
| System Health | Monitor services, logs, and performance |
Key Administration Tasks
User & Role Management
- Navigate to Administration → Users
- Add User: Click + New User → fill in details → assign role
- Assign Roles: Predefined roles: Admin, CAE, Manager, Auditor, QA, Viewer, Client
Available roles and their scope:
| Role | Description |
|---|---|
| Admin | Full system access including configuration |
| CAE | Audit program leadership with approval rights |
| Manager | Engagement management and workpaper review |
| Auditor | Fieldwork execution, workpapers, findings |
| QA | Quality assurance reviews |
| Viewer | Read-only dashboard access |
| Client | PBC portal access only |
📖 See Users & Roles for full details.
SSO Configuration (Keycloak)
AIIA uses Keycloak for identity management:
- Navigate to Administration → SSO
- Configure your identity provider:
- SAML 2.0 — for enterprise IdPs (Azure AD, Okta, ADFS)
- OpenID Connect — for OAuth-based IdPs
- LDAP — direct Active Directory synchronization
- Map external groups to AIIA roles
- Test the connection before enabling
📖 See SSO Configuration for full details.
AI Model Configuration
- Navigate to Administration → AI Models
- Click + Add Provider
- Select provider type:
| Provider | Setup | Key Required |
|---|---|---|
| Ollama | Local endpoint URL | ❌ |
| Gemini | API URL + API key | ✅ |
| OpenAI | API URL + API key | ✅ |
| Anthropic | API URL + API key | ✅ |
| DeepSeek | API URL + API key | ✅ |
| Custom | OpenAI-compatible endpoint | ✅ |
- Test the connection
- Set as default provider
API keys are encrypted at rest (AES-256-GCM). Keys are NEVER displayed in full after saving — only the last 4 characters are shown.
📖 See AI Models for full details.
Audit Log Review
- Navigate to Audit Logs
- Filter by:
- Date range
- User
- Action type (CREATE, UPDATE, DELETE, AI_ACTION, LOGIN)
- Module
- Export logs for compliance reporting
📖 See Audit Logs for full details.
Data Retention
Configure retention policies per document type via Administration → Data Retention. The system supports configurable retention periods for each document type (workpapers, evidence, reports, findings, audit logs, AI content) with customizable expiry actions (archive, delete, notify, manual review).
📖 See Data Retention for full details.
System Health Monitoring
AIIA includes built-in monitoring tools accessible through your deployment infrastructure:
- Grafana — service metrics and dashboards
- Prometheus — metrics collection
- Docker logs —
docker compose logs -f [service]
Access URLs for monitoring services are configured during deployment setup.
Permissions
As Admin, you have full access to all modules and configuration.