Manage Workspace users & Org Units via the Admin SDK
Email
Name
Org Unit
Status
2SV
Last sign-in
Organizational Units
Path
Name
Description
π¦ Supplies
Consumables & reorder thresholds
Item
On hand
Reorder at
Vendor
β Onboarding / Offboarding
Repeatable checklists for staff joining & leaving
Person
Type
Progress
Status
π² Budget
Annual budget vs committed spend Β· set figures in Admin β Money & SLA
π SOPs & Documentation
Policies Β· Plans Β· Procedures Β· Standards
Title
Type
Status
Ver
Owner
Review
Admin & Customization
π¨ Branding
Rename the app and set your school's accent color β the whole interface restyles.
π£ Status / outage banner
Show a school-wide banner to all signed-in users (e.g., "Wi-Fi down in B wing").
π₯ Users
Create accounts for staff and admins, reset passwords, manage roles.
π€ Claude Assistant
In-app AI help for policies, documentation, and ticket replies. Uses your Anthropic API key (from console.anthropic.com). Text entered in the assistant is sent to Anthropic's API — avoid student personal information.
π¨ Alert webhook
Let printer monitors or other systems report alerts into the Alerts module. They POST to /api/alerts/ingest with header X-Alert-Key.
π Scripting
Allow running scripts on devices from inside the app (via Action1). Off by default β each run still needs explicit confirmation. Storing and pushing scripts is always available.
π² Budget
Set the annual IT budget and fiscal-year start; the Budget tab compares it to committed spend from quotes.
π§Ύ Billing / invoicing
Your details on invoices, default tax + hourly rate, and the next invoice number. Used by Operations β Invoices.
β±οΈ Ticket SLA targets (hours)
Resolution-time targets per priority. Open tickets past target are flagged in the board and dashboard.
π§ Scheduled QBR delivery
Auto-generate the QBR each period and email a summary + link to leadership.
π Google Sign-In (SSO)
Let users sign in with their school Google account, alongside username/password. Create an OAuth Web application client at console.cloud.google.com (APIs & Services β Credentials), and register the redirect URI shown below.
βοΈ Email & Sync
Google Workspace sending, inbox sync, and email-to-ticket intake settings.
π¬ ChatOps & SMS alerting
Push alerts at or above a severity to Slack / Teams / Discord (incoming webhook URLs) and optionally SMS via Twilio.
π‘οΈ Warranty lookup
Auto-fill device warranty end dates from the manufacturer. Dell is implemented (TechDirect API client ID/secret). Lenovo/HP need their own API keys (placeholders for now); otherwise enter warranty manually.
π€ AI ticket triage
Use the Claude Assistant key to auto-classify inbound tickets (category, priority, summary, suggested reply). Off by default. Privacy: ticket text is sent to Anthropic β don't store student PII in tickets.
π°οΈ SIEM / log aggregation (Wazuh)
Receive security events from Wazuh (or any tool that can POST JSON) into Alerts. Point your SIEM's integration at /api/siem/ingest with header X-SIEM-Key. Optional: test the Wazuh manager API.
π Vulnerability scanning
Receive findings from a scanner (OpenVAS/Greenbone, Nessus, Qualys, Nmap) into the Vulnerabilities page. Point the scanner's export/script at /api/vulnscan/ingest with header X-Vulnscan-Key. High/critical findings raise Security alerts.
π΅οΈ Breach monitoring (Have I Been Pwned)
Watch your domain for breached accounts. Needs a paid HIBP API key and your domain verified in your HIBP account. New exposures raise Security alerts. (The password checker on the Breaches page is free and needs no key.)
π« Tenants (multi-school)
Run the Suite for more than one school from this instance. Each tenant is fully isolated (its own data, users, uploads, branding). You are the super-admin on the primary tenant. Create a school here, then open it to manage it; its admin gets a one-time temporary password.
School
Slug
Status
Actions
Full per-school separation requires a wildcard subdomain + TLS in front of this server (one-time ops setup). On a single host you can still open/return-to-primary here.
π°οΈ Accept console sign-in
Let a central Management Console sign administrators into this instance with one click (no second login). Paste the same shared secret here that you entered for this client in the console. Tokens are short-lived (90s), single-use, and every console login is written to the audit log.
Only enable on instances you manage from the console.
π¨ Migrate ticket history from SyncroMSP
One-time import of a school's Syncro tickets and their full comment history into the Suite at cutover. It writes into the current tenant, preserves original dates, and is safe to re-run (already-imported tickets are skipped). In Syncro, create an API token with ticket read access (Syncro β Admin β API Tokens).
At cutover you can also trigger this with an API key instead of logging in: POST /api/ext/migrate/syncro with header X-API-Key and JSON body { subdomain, apiKey, sinceDays, maxTickets, dryRun }. Create the key under API & Webhooks below.
π Google Device Sync
Pull your Chromebooks from the Google Admin console into Inventory. Uses a read-only service account (no passwords). Setup steps are in the README; in short: Google Cloud project β enable Admin SDK β service account + JSON key β domain-wide delegation with the Chrome devices read-only scope β paste the key here with a super-admin email.
π± Jamf Device Sync (iPads)
Pull your iPads from Jamf into Inventory.
Jamf School: create the key under Organisation β Settings β API; the Network ID is shown on the same page (also under Devices β Enroll Device(s)). The key needs read access to devices.
π Omada Network Sync
Pull your TP-Link Omada network gear (access points, switches, gateways) into Inventory. In the controller: Settings β Platform Integration β Open API β add an app (Client mode, Viewer role) β copy the Omadac ID, Client ID, and Client Secret. Connected gear shows as deployed; disconnected gear is flagged In Repair.
π₯οΈ Action1 RMM (Windows / Mac)
Pull your Windows/Mac endpoints from Action1: patch status into Inventory, monitoring alerts into Tickets, and a remote-control link on each device. In Action1: Settings β API & Integrations β create an API client β copy the Client ID and Client Secret. Action1 maintains the endpoint agent.
In Action1, open a device's Remote session and copy the URL. Paste it here and replace the last of the three IDs with {id}. Placeholders: {id} (this endpoint), {org}, {region}, {remote}, {console}. Leave blank to open the org dashboard instead. After saving, click Sync now to refresh device links.
π‘οΈ OpenEDR (Threat Detection)
Pull endpoint security detections from OpenEDR into Tickets (severity-mapped, deduped, linked to the device). Provide your OpenEDR server URL and an API key. Exact paths are confirmed via the probe at /api/openedr/probe.
π±οΈ Desktop Ticket Intake (Tray app)
Lets the desktop tray form submit tickets. Generate an intake key, then bake it into the tray installer: ops\tray-install.ps1 -Url https://SERVER:3443 -Key <key>. The key is shown once on generation.
Add your own fields to any module β they appear automatically in its add/edit form and on its detail pages. Types: text, number, date, or dropdown.
Label
Type
Options
0
Total Devices
0
Available
0
Checked Out
0
Overdue
Asset Tag
Type
Model
Location
Status
Assigned To
Due
Opened
Updated
No devices yet. Click + Add device or Import CSV.
0
Total
0
Open
0
In Progress
0
Resolved/Closed
Title
Priority
Status
Requester
Assignee
Device
Opened
Updated
No tickets yet. Click + New ticket.
0
Total Quotes
0
Draft/Sent
0
Approved/Ordered
$0
Open Value
Title
Vendor
Type
Amount
Status
Ticket
Opened
Updated
No quotes yet. Click + New quote.
No articles yet. Click + New article.
0
Staff Members
0
Departments
0
With Devices
Name
Title
Department
Room
Email
Devices
Opened
Updated
No staff yet. Click + Add staff or Import CSV.
0
Total Projects
0
Active
0
Planning
0
Completed
$0
Active Budget
Project
Category
Status
Priority
Lead
Timeline
Budget
Progress
Opened
Updated
No projects yet. Click + New project.
π« Project Tickets
0
Linked Tickets
0
Open
0
Urgent / High
Project
Title
Priority
Status
Assignee
Updated
No project-linked tickets yet. Use + New project ticket, or set "Linked Project" on any ticket.
0
Vendors
0
Categories
$0
Open Quote Value
Vendor
Contact
Email
Phone
Category
Quotes
Opened
Updated
No vendors yet. Click + Add vendor.
π₯ Inbox
From
Subject
Date
Inbox is empty.
π Password Vault
Create your vault
Admin passwords for line-of-business systems are encrypted with AES-256 using a key derived from a master password. It is never stored anywhere. If you lose it, the vault contents cannot be recovered.
Customize the automatic emails. Dynamic tags like {{ticket.title}} and {{recipient.name}} are replaced when sent β see the Tag reference.
π QBR / Update Meeting Reports
Generate a new report
Snapshots live data from Tickets, Inventory, Projects, and Quotes for the period, and writes IT-planning recommendations. Reports are saved and exportable as PDF for your meeting.
Groups of recipients from the Staff directory plus any extra addresses.
List
Members
No lists yet.
Compose
Each person receives their own individually-addressed email, personalized with tags like {{recipient.first}}, {{recipient.name}}, {{recipient.department}}.
Device not found β it may have been deleted, or you don't have access to it.
Notes
Vault credentials
Quotes from this vendor
Vendor not found.
πΎ Backup Monitoring
Track each backup job and whether it ran/succeeded recently. Failed or overdue jobs raise alerts. Mark runs manually, or have a backup tool/cron POST to /api/backups/:id/report.
Job
State
Last run
Type
Actions
π Uptime / SSL Monitoring
Watches websites/services (HTTP, TCP), reads TLS certificate expiry, and looks up domain registration expiry via RDAP. Down sites, expiring certs, and expiring domains raise alerts.
Monitor
Status
TLS cert
Domain expiry
Actions
π Software & SaaS Licenses
Track software/SaaS licenses, seat counts, cost, and renewal dates. Licenses renewing soon raise an alert so you are never surprised by a renewal.
License
Seats
Cost
Renews
Actions
π Vulnerabilities
Findings from your scanner (OpenVAS/Greenbone, Nessus, Qualys, Nmap, etc.). Point the scanner's export at the ingest webhook (Admin β Vulnerability Scanning) or paste a JSON report via Import. High/critical findings raise Security alerts.
Severity
Finding
Host
Status
Actions
π΅οΈ Breach Monitoring
Checks your domain against Have I Been Pwned for breached accounts (configure the API key + domain in Admin β Breach Monitoring). The password checker uses the free, privacy-preserving Pwned Passwords range API.
Account
Breach
Found
Status
π£ Phishing Simulations
Send a simulated phishing email to staff and track who clicks. Clickers land on a teachable "this was a test" page. Requires SMTP (Admin β Email). Use only with your own staff.
Families sign device agreements in the FACTS Family Portal (their existing login); record completion here so the Suite/Students module stays accurate. The teacher portal (magic-link/Google) stays active for staff. Manage documents, announcements, and review signatures below.
πͺ Family agreements (FACTS) tracking
Parents complete agreements in FACTS. Record a completed one here to flag the student as signed (a FACTS API auto-sync can replace this later).
The public page at /status shows component health from your Uptime monitors plus any active incidents you post here.
Incident
Status
Opened
Actions
π API & Webhooks
Give other tools programmatic access (read devices/tickets/alerts, create tickets) via API keys, and push events out to other systems via webhooks. External API base: /api/ext/ with header X-API-Key.
API keys
Key
Last used
Outbound webhooks
Endpoint
Status
Actions
π§Ύ Billing & Invoices
Invoice
Date
Total
Status
Actions
π°οΈ Management Console
A single pane across every client instance. Tickets, alerts and devices are pulled live from each instance's API; clicking a row jumps you straight into that instance's exact page (single sign-on, no second login).
Add client instance
Create this in the client instance under Admin β API & Webhooks. Used to read tickets/alerts/devices.
Optional. Must match the client instance's Admin β Console sign-in secret. Enables one-click jump-in with no second login.
Add device
Choose from Staff directory or type any name
Check out device
New ticket
Save the ticket first, then you can reply.
Images, PDF, TXT, CSV, Word or Excel Β· up to 10 MB each. Tip: you can also paste a screenshot (Ctrl/Cmd+V) while this form is open. New tickets save first, then files upload.
New quote
New article
New project
Email settings
Send ticket replies from your school's Google (Gmail) account. You'll need an App Password: enable 2-Step Verification, then create one at myaccount.google.com/apppasswords.
Tags like {{user.name}}, {{date}}, {{app.name}} work in any field; canned responses also support {{ticket.*}}, {{recipient.*}} and {{device.*}}.
π Prebuilt ticket snippets
Starter ticket templates and canned replies for common school IT issues. Install the ones you want, then edit them under Templates. Already-installed snippets are skipped.
π Dynamic tag reference
Write tags as {{tag}}. Unknown tags become blank. Ticket/device/recipient tags need a ticket context (canned responses, ticket emails).