Admin only

Control Center

This is the page to keep behind the strictest guard. Validate WorkOS AuthKit role checks, MFA, and organization scoping here before rolling changes elsewhere.

Requires: role = adminAdd optional step-up MFA

What belongs here?

Use this area to prototype privileged tools. Each block below represents a module that should verify the current user has the correct claims before rendering.

Organization rollup

Aggregate metrics across tenants once WorkOS Directory Sync lands.

Operator toolbox

Links to billing, seat management, and compliance exports.

Security center

Trigger step-up auth (MFA) for sensitive actions.

Hook up authorization

Fetch session server-side and redirect to /user if the role is insufficient.
Surface a clear error state to the client for any unauthorized fetch requests.
Consider gating each module individually for extra defense in depth.