Organization Settings Quick Start

Use this page when onboarding an operator, org admin, or support engineer into the Lovinka admin settings flow.

Production links

In examples below, replace <orgId> with the target organization UUID from the admin URL or organization list.

What changed

• Organization settings now live under the canonical org-scoped route tree: /orgs/:orgId/settings/*.
• The old /workspace/* route tree was removed.
• The old super-admin-specific /platform/orgs/:orgId/* settings route tree was replaced by the same /orgs/:orgId/* route tree used by organization members.
• Connections is now an organization settings section at /orgs/:orgId/settings/connections.
• The Connect Partner wizard is route-driven, so each step has a stable URL under Connections.

Access and organization scope

The /orgs/:orgId/* tree allows access when the signed-in user is either a SuperAdmin or a member of the organization in the URL.

Inside this tree, the admin API client is scoped to the URL organization. This means support users can inspect another organization without changing their personal org switcher state. Organization members see the same settings surface for their own organization.

Settings routes

Invalid settings sections redirect to Identity settings.

Connections routes

The permissions and network wizard routes require the earlier wizard state. If opened directly without selecting a use case first, the app sends the user back to the previous valid step.

Minting partner credentials

1. Sign in to https://voke.lovinka.com.
2. Open https://voke.lovinka.com/orgs/<orgId>/settings/connections?tab=api-keys.
3. Click Connect partner.
4. Select the use case preset.
5. Review scopes on the Permissions step.
6. Configure the IP allowlist on the Network step.
7. Generate the key.
8. Save the reveal bundle into an approved secret manager: AMQPS URI, raw API key, and HMAC signing key when a vcp:write:* scope is present.
9. Use the API key detail page to run Test connection and inspect the audit log.

Partner navigation tour

For new partners signing in for the first time, the admin app exposes everything you need through three sidebar groups. Use this checklist as a guided first session.

1. Confirm the right organization is active

The org switcher at the top of the left sidebar shows the active organization. Click it to open the picker and select the partner org (e.g. CPI Energo). Every URL below resolves against that active org's UUID — switching orgs while you are mid-flow re-targets all subsequent requests.

2. Workspace settings

Sidebar group Advanced → Workspace settings opens /orgs/<currentOrgId>/settings/identity. From the rail you can reach:

• Identity — organization name, slug, role mapping. Only visible / editable when your role on this organization is at least ORG_ADMIN.
• Notifications — alert routing, email/SMS/push fan-out toggles. ORG_ADMIN.
• Members — invite, role changes, remove. ORG_ADMIN.
• Connections — partner credentials and live integration health. ORG_ADMIN.

If a section requires a permission you do not have, the rail still lists it but the body shows a clear access-denied state explaining which role is required. We do not silently 404 on permission gaps.

3. Connections — your day-to-day surface

/orgs/<orgId>/settings/connections is where partner integration lives. Four tabs:

• Overview — single AMQPS URI, health pill (Healthy / Warming up / Errors / Offline), four KPI tiles (msg/s, partners online, backlog, errors 24h), and the five most-recently-used keys.
• API keys — list of all minted keys for this org with sparkline + queue-depth per row. The Connect partner button at the top right launches the routed wizard described in API keys & auth.
• Quickstart — server-rendered Node / Python / curl snippets with the real org slug and a <your-key> placeholder. Copy as a starting point.
• Audit log — reverse-chronological feed of api_key.* and partner.connect* events.

Click any row in the API keys list to land on the detail page (/orgs/<orgId>/settings/connections/api-keys/<id>) where you can run Test connection (paste the raw key for a real broker probe) or Revoke.

4. Operational surfaces

The other sidebar groups round out the partner experience:

• Operations → Plants lists every plant in the active org. Click a plant to reach /plants/<plantId> with tabs for Overview, Devices, Live telemetry (real-time charts), and Commands (history of dispatches and ACK / NACK).
• Operations → Alerts lists active and resolved alerts across all plants in the org.
• Activity → Audit Log is the org-wide activity log (broader than just the Connections audit tab).
• Activity → Certificates lists the per-plant TLS certificates and their expiry, with "expiring soon" banners and rotation actions.
• Advanced → Device Templates is the org-scoped catalogue of signal maps and command bindings. Most partners will not edit this directly.

5. Personal settings

The avatar in the lower-left corner exposes Settings (personal preferences — profile, theme, keyboard shortcuts, sessions). These are user-scoped, not org-scoped, and are reached via a modal so they never push the URL away from your current task.

6. URL conventions to remember

• /orgs/<orgId>/... is the canonical org-settings tree. Bookmark these directly.
• /plants/<plantId> is the canonical plant detail tree. Bookmark these directly.
• /orgs/<orgId>/settings/connections?tab=<overview|api-keys|quickstart|audit-log> lets you share a deep link straight to a specific Connections tab.
• The browser back button always navigates to the previous step inside the routed Connect Partner wizard — there is no in-app modal to "trap" you.

Related docs

• ESM quick start - partner-side AMQP and command smoke test.
• API keys & auth - scopes, reveal bundle, AMQP login, REST usage, rotation, and revocation.
• CPI Energo production handoff - current CPI production environment summary.