Platform Settings

Overview

Platform Settings provides administrators with centralized control over global configuration options that affect all organizations on the platform. This includes integration settings, feature flags, email configuration, and system-wide defaults.

Settings Categories

---

General Settings

Platform Branding

Setting	Type	Description
Platform Name	Text	Display name shown in emails and UI
Support Email	Email	Default support contact email
Support URL	URL	Link to support documentation
Terms of Service URL	URL	Link to terms of service
Privacy Policy URL	URL	Link to privacy policy

Acceptance Criteria

Frontend

• Platform Branding workflow is implemented in the UI as described.

Backend / API

• Backend behavior supports Platform Branding as documented.

Permissions

• Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

Business Rules

• All business rules for this feature are enforced.

Error Handling

• Error states return clear messages and appropriate HTTP status codes.

Regional Defaults

Setting	Type	Description
Default Timezone	Select	Default timezone for new organizations
Default Currency	Select	Default currency (AUD, USD, GBP, EUR, etc.)
Default Date Format	Select	DD/MM/YYYY, MM/DD/YYYY, YYYY-MM-DD
Default Language	Select	Default UI language

---

Acceptance Criteria

Frontend

• Regional Defaults workflow is implemented in the UI as described.

Backend / API

• Backend behavior supports Regional Defaults as documented.

Permissions

• Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

Business Rules

• All business rules for this feature are enforced.

Error Handling

• Error states return clear messages and appropriate HTTP status codes.

Integration Settings

Stripe Configuration

Setting	Type	Required	Description
Stripe Mode	Toggle	Yes	Live or Test mode
Publishable Key	Text	Yes	Public API key
Secret Key	Secret	Yes	Private API key (encrypted)
Webhook Secret	Secret	Yes	Webhook signing secret
Webhook URL	Read-only	-	URL to configure in Stripe dashboard

Acceptance Criteria

Frontend

• Stripe Configuration workflow is implemented in the UI as described.

Backend / API

• Backend behavior supports Stripe Configuration as documented.

Permissions

• Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

Business Rules

• All business rules for this feature are enforced.

Error Handling

• Error states return clear messages and appropriate HTTP status codes.

Xero Configuration

Setting	Type	Required	Description
Client ID	Text	Yes	OAuth2 client ID
Client Secret	Secret	Yes	OAuth2 client secret
Redirect URI	Read-only	-	OAuth callback URL
Default Tax Rate	Text	No	Default tax rate code

Acceptance Criteria

Frontend

• Xero Configuration workflow is implemented in the UI as described.

Backend / API

• Backend behavior supports Xero Configuration as documented.

Permissions

• Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

Business Rules

• All business rules for this feature are enforced.

Error Handling

• Error states return clear messages and appropriate HTTP status codes.

Salesforce Configuration

Setting	Type	Required	Description
Environment	Select	Yes	Production or Sandbox
Consumer Key	Text	Yes	Connected app consumer key
Consumer Secret	Secret	Yes	Connected app consumer secret
Login URL	Text	Yes	login.salesforce.com or test.salesforce.com

Acceptance Criteria

Frontend

• Salesforce Configuration workflow is implemented in the UI as described.

Backend / API

• Backend behavior supports Salesforce Configuration as documented.

Permissions

• Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

Business Rules

• All business rules for this feature are enforced.

Error Handling

• Error states return clear messages and appropriate HTTP status codes.

HubSpot Configuration

Setting	Type	Required	Description
Portal ID	Text	Yes	HubSpot portal/account ID
API Key	Secret	Yes	Private app API key
Sync Contacts	Toggle	No	Auto-sync members to HubSpot contacts
Sync Companies	Toggle	No	Auto-sync organizations to HubSpot companies

Acceptance Criteria

Frontend

• HubSpot Configuration workflow is implemented in the UI as described.

Backend / API

• Backend behavior supports HubSpot Configuration as documented.

Permissions

• Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

Business Rules

• All business rules for this feature are enforced.

Error Handling

• Error states return clear messages and appropriate HTTP status codes.

Email Provider (SMTP)

Setting	Type	Required	Description
Provider	Select	Yes	SendGrid, Mailgun, Amazon SES, Custom SMTP
SMTP Host	Text	Yes	Mail server hostname
SMTP Port	Number	Yes	Mail server port (587, 465, 25)
SMTP Username	Text	Yes	Authentication username
SMTP Password	Secret	Yes	Authentication password
From Address	Email	Yes	Default sender email
From Name	Text	Yes	Default sender name
Reply-To Address	Email	No	Default reply-to email

---

Acceptance Criteria

Frontend

• Email Provider (SMTP) workflow is implemented in the UI as described.

Backend / API

• Backend behavior supports Email Provider (SMTP) as documented.

Permissions

• Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

Business Rules

• All business rules for this feature are enforced.

Error Handling

• Error states return clear messages and appropriate HTTP status codes.

Feature Flags

Control which features are available across the platform.

Global Feature Flags

Flag	Default	Description
enable_lms	On	Learning Management System
enable_cpd	On	CPD Point Tracking
enable_directory	On	Business Directory
enable_job_board	On	Job Board / Careers
enable_sponsorships	On	Sponsorship Management
enable_community	Off	Community Features (Beta)
enable_ai_features	Off	AI-powered features (Beta)
enable_sso	On	Single Sign-On support
enable_mfa	On	Multi-Factor Authentication
enable_api_access	On	REST API access for organizations

Acceptance Criteria

Frontend

• Global Feature Flags workflow is implemented in the UI as described.

Backend / API

• Backend behavior supports Global Feature Flags as documented.

Permissions

• Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

Business Rules

• All business rules for this feature are enforced.

Error Handling

• Error states return clear messages and appropriate HTTP status codes.

Per-Tenant Overrides

Administrators can override global flags for specific organizations:

GET  /api/admin/tenants/{id}/features     # Get tenant feature flags
PUT  /api/admin/tenants/{id}/features     # Update tenant feature flags

---

Acceptance Criteria

Frontend

• Per-Tenant Overrides workflow is implemented in the UI as described.

Backend / API

• Backend behavior supports Per-Tenant Overrides as documented.

Permissions

• Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

Business Rules

• All business rules for this feature are enforced.

Error Handling

• Error states return clear messages and appropriate HTTP status codes.

Security Settings

Authentication

Setting	Type	Default	Description
Session Timeout	Number	24	Hours until session expires
Max Login Attempts	Number	5	Failed attempts before lockout
Lockout Duration	Number	30	Minutes account is locked
Password Min Length	Number	8	Minimum password characters
Require Uppercase	Toggle	On	Require uppercase letter
Require Number	Toggle	On	Require numeric character
Require Special Char	Toggle	Off	Require special character
Password Expiry Days	Number	0	Days until password expires (0 = never)

Acceptance Criteria

Frontend

• Authentication workflow is implemented in the UI as described.

Backend / API

• Backend behavior supports Authentication as documented.

Permissions

• Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

Business Rules

• All business rules for this feature are enforced.

Error Handling

• Error states return clear messages and appropriate HTTP status codes.

Multi-Factor Authentication

Setting	Type	Default	Description
MFA Available	Toggle	On	Allow users to enable MFA
MFA Required (Admins)	Toggle	On	Require MFA for platform admins
MFA Required (Client Admins)	Toggle	Off	Require MFA for client admins
MFA Methods	Multi-select	TOTP, Email	Available MFA methods

Acceptance Criteria

Frontend

• Multi-Factor Authentication workflow is implemented in the UI as described.

Backend / API

• Backend behavior supports Multi-Factor Authentication as documented.

Permissions

• Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

Business Rules

• All business rules for this feature are enforced.

Error Handling

• Error states return clear messages and appropriate HTTP status codes.

API Security

Setting	Type	Default	Description
API Rate Limit	Number	1000	Requests per hour per key
API Key Expiry	Number	365	Days until API key expires
Require HTTPS	Toggle	On	Reject non-HTTPS API requests
IP Whitelist	Textarea	-	Allowed IP addresses (one per line)

---

Acceptance Criteria

Frontend

• API Security workflow is implemented in the UI as described.

Backend / API

• Backend behavior supports API Security as documented.

Permissions

• Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

Business Rules

• All business rules for this feature are enforced.

Error Handling

• Error states return clear messages and appropriate HTTP status codes.

System Defaults

Default values applied to new organizations.

Membership Defaults

Setting	Type	Default	Description
Default Member Role	Select	ROLE_MEMBER	Role for new members
Require Email Verification	Toggle	On	Verify email before activation
Auto-Approve Members	Toggle	Off	Auto-approve new registrations
Welcome Email Template	Select	default	Default welcome email

Acceptance Criteria

Frontend

• Membership Defaults workflow is implemented in the UI as described.

Backend / API

• Backend behavior supports Membership Defaults as documented.

Permissions

• Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

Business Rules

• All business rules for this feature are enforced.

Error Handling

• Error states return clear messages and appropriate HTTP status codes.

Notification Defaults

Setting	Type	Default	Description
Email Notifications	Toggle	On	Enable email notifications
Digest Frequency	Select	Daily	Email digest frequency
Admin Alerts	Toggle	On	Send alerts to admins

Acceptance Criteria

Frontend

• Notification Defaults workflow is implemented in the UI as described.

Backend / API

• Backend behavior supports Notification Defaults as documented.

Permissions

• Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

Business Rules

• All business rules for this feature are enforced.

Error Handling

• Error states return clear messages and appropriate HTTP status codes.

Storage Defaults

Setting	Type	Default	Description
Max File Size	Number	50	Maximum upload size in MB
Allowed File Types	Multi-select	PDF, DOC, etc.	Permitted file extensions
Storage Quota	Number	10	GB per organization

---

Acceptance Criteria

Frontend

• Storage Defaults workflow is implemented in the UI as described.

Backend / API

• Backend behavior supports Storage Defaults as documented.

Permissions

• Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

Business Rules

• All business rules for this feature are enforced.

Error Handling

• Error states return clear messages and appropriate HTTP status codes.

Audit Log

All settings changes are logged for compliance and troubleshooting.

Field	Description
Timestamp	When the change occurred
Admin	Who made the change
Setting	Which setting was changed
Old Value	Previous value
New Value	New value
IP Address	Admin's IP address

GET /api/admin/settings/audit-log    # View settings change history

---

API Endpoints

GET    /api/admin/settings                    # Get all settings
GET    /api/admin/settings/{category}         # Get settings by category
PUT    /api/admin/settings/{category}         # Update settings category
POST   /api/admin/settings/test-email         # Send test email
POST   /api/admin/settings/test-integration   # Test integration connection
GET    /api/admin/settings/audit-log          # View audit log

Access Control

Features

Platform Settings

Acceptance Criteria

Frontend

• Admin UI supports the workflows described on this page.

Backend / API

• Admin actions persist changes and are reflected across the product.

Permissions

• Only platform admins can access these screens.

Business Rules

• Changes are audited where applicable.

Error Handling

• Invalid operations display clear errors and do not partially apply changes.