Knogin
[Developers]

Administration

When a government agency signs on to the Argus platform, someone has to build their environment from scratch: create the tenant, set user limits, configure which modules are enabled, define storage quotas, and verify tha

Back to All Modules
Category: Api DomainsLast Updated: Feb 5, 2026
api-domainscompliancegeospatial

Overview#

When a government agency signs on to the Argus platform, someone has to build their environment from scratch: create the tenant, set user limits, configure which modules are enabled, define storage quotas, and verify that background jobs are running cleanly. Without a dedicated administration layer, that work is manual, error-prone, and impossible to audit. The Administration module handles all of it.

It provides enterprise-level management capabilities for the full platform lifecycle: Systems Integrator management, tenant organisation provisioning, background job orchestration, data normalisation pipelines, and administrative dashboard analytics. Everything operates under strict multi-tenant isolation with full audit trails, meaning no administrative action goes unrecorded.

Key Features#

  • Systems Integrator Management: Manage Systems Integrator entities that oversee multiple tenant organisations, with tiered access and feature control.
  • Tenant Provisioning: Provision, configure, suspend, reactivate, and deprovision customer organisations with a complete lifecycle workflow.
  • Tiered Configuration: Four subscription tiers (Starter, Professional, Enterprise, Government) with configurable user limits, investigation quotas, and storage allocations.
  • Background Job Management: Queue, monitor, and manage asynchronous jobs with priority-based scheduling, automatic retries, and batch processing.
  • Data Normalisation: Transform heterogeneous data from multiple sources into a standardised schema using configurable field mappings and transformation rules.
  • Administrative Dashboard: Real-time dashboard with metrics on users, investigations, storage, API usage, system health, and compliance status.
  • Quota Management: Monitor and enforce resource quotas per tenant, including users, investigations, and storage.
  • Security and Compliance Monitoring: Track API errors, failed authentications, suspicious activities, and compliance readiness across data retention, encryption, MFA adoption, and audit logging.
  • Programmable API Access: Full API support for all administrative operations.

Role-Based Access#

  • Platform Administrator: Full platform access including Systems Integrator management, global provisioning, and system monitoring.
  • Systems Integrator Administrator: Manage their own SI metadata, view their customers, and create tenants under their SI.
  • Tenant Administrator: Manage their own organisation, view dashboard metrics, configure tenant settings, and manage background jobs.

Use Cases#

Defence contractors managing multi-national deployments provision separate tenant environments for each participating nation, enforcing data sovereignty at the organisational boundary while maintaining a unified management view.

Law enforcement agencies joining a regional intelligence-sharing programme onboard through a Systems Integrator, receiving pre-configured module access aligned to their operational role without exposing other tenants' data.

Financial regulators use the compliance monitoring dashboard to verify that all supervised organisations maintain required data retention periods and encryption standards before an audit window opens.

Utilities operators normalise incoming data from diverse SCADA feeds, OSINT feeds, and manual uploads into a consistent internal schema before that data reaches investigation workflows.

  • Onboarding New Customers: Provision new tenant organisations with appropriate tier configurations, feature flags, and resource quotas through a structured workflow.
  • Operational Monitoring: Monitor system health, queue depths, API usage, and security metrics through the administrative dashboard to ensure platform reliability.
  • Data Integration: Normalise incoming data from diverse sources (OSINT feeds, external APIs, manual uploads) into a consistent format using configurable field mappings.
  • Compliance Oversight: Track compliance readiness across all tenants, including data retention policies, encryption status, MFA adoption rates, and audit logging completeness.

Integration#

The Administration module serves as the foundation for the Argus platform:

  • All Modules: Tenant provisioning and configuration controls which features and modules are available to each organisation.
  • Audit Trail: All administrative operations are logged with full audit trails for compliance and accountability.
  • Billing: Usage metrics feed into billing summaries with projected costs and estimated charges.
  • Data Ingestion: The normalisation pipeline integrates with data source connectors to standardise incoming data before it reaches other modules.

Open Standards#

  • GraphQL (June 2018 specification): All administrative operations, tenant provisioning, background job management, SI management, and dashboard metrics, are exposed through a typed GraphQL API implemented with Strawberry, enforcing schema contracts at the API boundary.
  • JSON Web Token (RFC 7519) / JSON Web Key Set (RFC 7517): Every admin endpoint validates caller identity via RS256-signed JWTs resolved against a JWKS endpoint; the organisation identifier embedded in the token is used to enforce multi-tenant data isolation on every query.
  • OAuth 2.0 (RFC 6749): The Bearer token authentication model underpins all protected admin routes, with permission scopes (e.g. scoped review permissions, scoped management permissions) governing access to individual endpoint groups.
  • NIS2 Directive (EU 2022/2555): The administrative dashboard tracks active cyber security incidents against the Directive's 72-hour notification deadline, surfacing compliance status per tenant so operators can meet their mandatory reporting obligations.
  • AES-256-GCM / FIPS 140-2: Field-level encryption of sensitive tenant configuration and PII uses AES-256-GCM with key rotation, targeting FIPS 140-2 compliance; PKCS#11 Hardware Security Module support is included for classified deployments.
  • Role-Based Access Control (NIST SP 800-53 AC-2/AC-3): Provisioning and service layers enforce RBAC with tiered roles (super_admin, platform administrator, SI administrator, tenant administrator), with default role sets created automatically during tenant onboarding.
  • ISO 8601: All timestamps across provisioning lifecycle events, audit log entries, background job records, and API responses are serialised in ISO 8601 format with UTC timezone offsets.
  • GDPR (EU Regulation 2016/679): Configurable data-retention periods per subscription tier (90 days to 7 years) and a Data Protection Officer sign-off workflow for Freedom of Information disclosure bundles give operators the controls required under the Regulation.

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.