C Concierge Documentation
⌘K
Docs / Operate / Management
Operate

Management panel.

The management panel at /manage/* is a platform operator dashboard for managing tenants, billing, and reviewing audit logs. It is protected by Cloudflare Access with full JWT verification.

Authentication

Management routes verify the Cf-Access-Jwt-Assertion header:

  1. Cloudflare Access: Handles the login flow and issues a signed JWT
  2. JWT verification: Concierge fetches the team's JWKS, verifies the RS256 signature, checks the aud claim against CF_ACCESS_AUD, and extracts the email

Anyone with a valid Access JWT (matching your Access policy) is authorized. Scope access via your Cloudflare Access policy.

Dashboard

The main dashboard (/manage) shows:

  • The authenticated operator's email
  • Total tenant count
  • Links to tenant management, billing, and audit log

Tenant Management

At /manage/tenants, operators can:

  • List all tenants with their email, plan, and creation date
  • View individual tenant details including connected accounts
  • See a tenant's billing state (credits remaining, used, granted)
  • Grant free reply credits to a tenant

Billing Controls

At /manage/billing, operators can:

  • View credit packs: See all defined packs with their reply counts, prices, and status
  • Create packs: Add new credit packs with name, reply count, INR price, USD price, and sort order
  • Update packs: Edit existing pack details
  • Activate/Deactivate packs: Control which packs are visible to tenants
  • Delete packs: Remove packs entirely
  • Grant credits: Give free reply credits to a specific tenant (at /manage/billing/grant/{tenant_id})

Audit Log

At /manage/audit, operators can review a chronological log of all management actions. Each entry records:

FieldDescription
actor_emailThe operator who performed the action
actionWhat was done (e.g., grant_replies, create_pack, update_pack, delete_pack)
resource_typeThe type of resource affected (e.g., billing, credit_pack)
resource_idThe specific resource identifier (optional)
detailsJSON payload with action-specific details
created_atTimestamp

The audit log shows the most recent 100 entries.

Setup

  1. In the Cloudflare dashboard, go to Zero Trust > Access > Applications
  2. Create a Self-hosted application for your-domain/manage/*
  3. Copy the Application Audience (AUD) Tag from the application overview
  4. Set CF_ACCESS_TEAM (your team name) and CF_ACCESS_AUD in wrangler.toml
  5. Add a policy allowing the emails that should have management access
  6. Deploy with wrangler deploy