What is the server admin panel?

The server admin panel is a separate administrative interface for managing the Pwnbook platform itself, distinct from organization-level settings. While organization owners and admins manage their own team’s configuration, server admins manage the platform as a whole. Server admin capabilities include:
  • Viewing and managing all users across all organizations
  • Viewing and managing all organizations
  • Configuring AI providers (Anthropic/OpenAI API keys)
  • Managing billing and Stripe configuration
  • Promoting users to server admin status
Server admin access grants broad control over the entire Pwnbook deployment. Grant server admin status only to trusted individuals who need platform-level administrative access.

Accessing the admin panel

To access the server admin panel:
  1. Log in as a user with server admin privileges.
  2. Click your avatar or profile menu in the top right.
  3. Select Server Admin from the menu.
Alternatively, navigate directly to /admin in your Pwnbook instance. If the Server Admin option is not visible, your account does not have server admin privileges. Contact another server admin to grant you access.

Admin panel sections

Users

View all registered users, see their organization memberships, and manage server admin status.

Organizations

View all organizations on the platform, their member counts, and subscription status.

AI Providers

Configure Anthropic and OpenAI API keys to enable AI features across the platform.

Billing

Configure Stripe integration, view subscription status, and manage billing settings.

Organizations management

From the admin panel’s Organizations section, you can:
  • View all organizations registered on the platform
  • See organization details: name, member count, plan, and creation date
  • Impersonate an organization (view as an org admin for debugging)
  • Suspend or delete organizations
  • View an organization’s engagements and activity

Promoting the first server admin

On a fresh Pwnbook installation, the first server admin must be set via the CLI or database, since there’s no admin to grant the privilege through the UI. To promote the first server admin:
docker compose exec backend npm run admin:promote --email user@example.com
Replace user@example.com with the email address of the user to promote. Subsequent server admins can be promoted through the admin UI.

Security considerations

  • Restrict server admin access to the minimum number of people necessary
  • Server admins can view and manage all data across all organizations — treat this access with appropriate care
  • Regularly audit who has server admin status via the Users admin panel
  • Enable 2FA for all accounts with server admin access