This workspace governs AXIS accounts, managed identity activation, scoped role assignments, active sessions, invitations, resets, and audit-backed lifecycle commands.
Foundation remains the approving authority. Managed account login is now a separate controlled lane.
Accounts waiting for invite acceptance or assignment.
Active
0
Accounts currently allowed to authenticate and operate.
Suspended
0
Access halted but identity preserved for review or restore.
Active Sessions
0
Privileged and managed sessions currently live.
Pending Resets
0
Reset commands waiting to be consumed or rotated.
Export Jobs
0
Job-based account exports available for controlled retrieval.
Step 01
Create or provision the account.
Use Create Managed User for a direct Foundation-built account, or Review Requests when the user came through the public control page and the live access API.
Step 02
Issue the identity path.
Activation links and reset links are returned in the command status so Foundation can send the correct pathway without leaving this page.
Step 03
Confirm status and session posture.
After first successful sign-in, the account moves to active, invite state closes, and the session shows up in the live session list below.
Admin Commands
Managed account lifecycle
Use plain-language commands with reason codes. Foundation remains the approving authority, while the managed identity bridge issues activation, reset, and session-control pathways.
Create Managed User
Create a Foundation-managed account and immediately generate the activation path for the Account Login lane on the control page.
Grant Role
Grant a role with explicit scope and reason so the account lands in the correct workspace after sign-in.
Change Account Status
Suspend, disable, or restore the AXIS account without losing the audit trail or identity bridge.
Activation, Reset, and Session Revoke
Issue a fresh activation link, force a password reset, or revoke all active sessions. Returned links appear directly in the command result below.
Review and Provision Request
Approve or reject inbound control-page requests. Approval creates the account, binds role scope, and returns the activation path in one auditable action.
AXIS Email System
Configure the controlled sender identity, permit invite template, and delivery posture used when AXIS prepares boundary permit notifications.
AXIS Link Management
Refresh governed entry objects, inspect routing and delivery posture, and revoke AXIS Links directly from Foundation Access.
AXIS Link management ready.
Export Access Records
Exports are job-based, scoped, expiring, and auditable. They remain controlled records rather than direct browser dumps.
User Detail
Identity, credentials, sessions, and audit
Select a user to inspect their AXIS record, their managed identity provider entry, active sessions, and audit history before making changes.
StatusPending
Person TypePending
UsernamePending
ManagedPending
Role Assignments
Credentials
Sessions
Audit
Inbound Requests
Control-page account requests
These are the governed intake requests from the public control page and active access API. Provisioning one creates the managed identity bridge and returns an activation path.
Users
Managed accounts
The roster below is the Foundation-controlled identity population. Invited users are activation-pending until they complete the managed account path.
Request Policy
Approved domains and categories
These rules govern what the public control page may submit. Foundation can tighten or expand policy here without another code push.
Policy Editor
Update workspace request policy
Select a workspace, then define allowed access categories, allowed email domains, and the guidance shown to requesters.
Request Mapping
Domain-to-role and scope defaults
These mappings drive the provisioning suggestions that appear when Foundation reviews an inbound request.
Mapping Editor
Update request mapping
Define which role and scope should be suggested for a given workspace and email domain.
Email System
Boundary permit delivery posture
Foundation controls the sender identity, boundary invite template, provider mode, and operational status from here.
Email Delivery
Prepared and queued invite events
Each boundary permit invite produces an auditable delivery event with recipient, provider posture, subject, and related permit metadata.
AXIS Link
Governed entry objects
These records control access codes, token resolution, destination routing, and delivery posture for permits and directive packets.
AXIS Link Detail
Selected link activity
Inspect lifecycle events, delivery state, and object metadata for the selected AXIS Link.
Roles and Scope
Authority remains scoped
Role and scope assignments exist so “admin” never silently means “everything forever.”
Governance Audit
Policy and mapping changes
This view isolates governance-rule changes from the broader audit stream so Foundation can quickly inspect who changed request policy and provisioning mappings.
Immutable Audit Spine
Recent privileged actions
Every sensitive command should leave behind a searchable event with actor, target, scope, and reason.
Audit Summary
Governance posture at a glance
This quick readout shows whether request-policy and request-mapping changes are flowing into the audit spine as expected.
Policy Changes0
Mapping Changes0
Latest Governance EventPending
Audit ConfidencePending
Sessions and Recovery
Active sessions, invites, and resets
Session control, activation posture, and reset commands are visible here for immediate review.
Invites and Exports
Outbound account actions
Pending invites and export jobs stay explicit, expiring, and auditable rather than disappearing into email or browsers.