How to use this guide
Each section below corresponds to one page in the Forest Admin panel.
The crawler logged in as forestadmin@scalegate.io and visited every page in order, taking a real screenshot of each.
For every page you'll get:
- 👀 What you see — a description of the actual layout, panels, buttons, and data on the page
- 💡 Why it matters — what business or operational question the page answers
- 🎯 What to do here — the typical actions an operator takes on this screen
- 🚨 Red flags — things that should make you stop and investigate
Click any screenshot to open it full-size in a new tab. Use the sidebar table of contents on the left to jump to a specific page. Technical details (API routes, network logs) are tucked away in collapsible "Technical details" sections under each page — useful for developers debugging.
/
🌐 Public
👀 What you see
This is the public marketing page anyone visiting scalegate.io sees first — no login required. Across the top is a navigation bar with the SCALEGATE wordmark on the left and links to Features, How It Works, Pricing, Security, Portals, Docs and Contact. On the right are two action buttons: a "Forest Admin →" link (where operators sign in) and an orange "Get Started" button for new customers.
The big hero section says "One Platform to License, Protect & Monetize Your Software." with a short pitch and two call-to-action buttons (Start Free Trial / Watch Demo). Below the hero you scroll through dark feature panels showing how the SDK is integrated, code samples, the value-prop columns, and finally a footer with company info.
💡 Why it matters
It's the front door of your business. New customers land here from search, ads, or direct links and decide whether to sign up. As an operator you don't usually do anything here — but you should know it's the first impression and is the only page that doesn't require any authentication.
🎯 What to do here
Click the green "Forest Admin →" button at the top right to go to the operator login page. That's your entry point to everything else in this tour.
🚨 Red flags / things to watch out for
If this page shows broken images, missing text, or fails to load, the public-facing portal is down — sign-ups will be blocked. The browser address bar should always show https:// with a padlock.
Technical details (for developers)
Route: /
API endpoints called:
GET /api/branding/demo
Observed network requests during the crawl:
| Status | URL |
|---|---|
| 200 | /api/platform/plans |
/forest-admin/login
🌐 Public
👀 What you see
A clean centred card on a dark blue background with a glowing emerald shield icon. The card is titled "ScaleGate Admin" with a subtitle PLATFORM CONTROL CENTER and a small green "SECURE ACCESS PORTAL" indicator with a pulsing dot.
Inside the card you see two fields: Email Address (with a placeholder "admin@platform.com") and Password (with an eye icon to reveal what you typed). Below them is a big emerald gradient "Sign In to Control Center" button. Right at the bottom of the card three tiny labels confirm the security posture: IP Allowlisted, TOTP MFA, and AES-256 Encrypted.
💡 Why it matters
This is the gate to everything sensitive in the platform. The Forest Admin login is completely separate from the tenant logins — it uses its own JSON Web Token, its own signing key, and (optionally) IP allowlisting per admin. A compromised tenant can never become a Forest Admin.
🎯 What to do here
Type your operator email and password, then click Sign In to Control Center. If you've enabled two-factor authentication on your account, a 6-digit code prompt appears next. Once you're in, you land on the Dashboard.
🚨 Red flags / things to watch out for
If you see "Invalid credentials" repeatedly with a password you know is correct, your IP may be blocked by an allowlist — open the Profile page later to check. Never share these credentials over email or chat.
Technical details (for developers)
Route: /forest-admin/login
API endpoints called:
POST /api/platform/forest-admin/login
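Why a separate signing key keeps tenant and Forest Admin logins apart, shown as an added example (not ScaleGate's code). HS256, the issuer and audience strings, the claim names and both keys are assumptions constructed for the demo; the page only states that the admin token has its own signing key.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values. HS256, the issuer/audience strings and the claim
# names are assumptions; the page only says the admin token has its own key.
TENANT_KEY = b"constructed-tenant-signing-key"
ADMIN_KEY = b"constructed-forest-admin-signing-key"
ADMIN_ISS = "forest-admin.example"
ADMIN_AUD = "forest-admin-panel"


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue(claims, key, alg="HS256"):
    """Build a compact JWT; alg='none' yields an unsigned token for the negative test."""
    head = b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    signing_input = f"{head}.{body}"
    if alg == "none":
        return signing_input + "."
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(mac)}"


def verify_admin(token, now=None):
    """Return claims for a valid Forest Admin token; raise ValueError otherwise."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    # Pin the algorithm server-side; never let the token header choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(ADMIN_KEY, f"{head_b64}.{body_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    if claims.get("iss") != ADMIN_ISS or claims.get("aud") != ADMIN_AUD:
        raise ValueError("wrong issuer or audience")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("expired")
    return claims


def outcome(token, now=None):
    """Helper for the demo: 'ok' or the rejection reason."""
    try:
        verify_admin(token, now)
        return "ok"
    except ValueError as exc:
        return str(exc)


NOW = 1_775_000_000  # fixed clock so the demo is deterministic
admin_claims = {"sub": "operator@example.com", "iss": ADMIN_ISS,
                "aud": ADMIN_AUD, "exp": NOW + 900}

RESULTS = {
    "genuine admin token": outcome(issue(admin_claims, ADMIN_KEY), NOW),
    # A stolen tenant key can copy every admin claim and still fails the MAC check.
    "admin claims, tenant key": outcome(issue(admin_claims, TENANT_KEY), NOW),
    "unsigned alg=none": outcome(issue(admin_claims, b"", "none"), NOW),
    "admin key, tenant audience": outcome(
        issue({**admin_claims, "aud": "tenant-portal"}, ADMIN_KEY), NOW),
    "expired admin token": outcome(issue(admin_claims, ADMIN_KEY), NOW + 3600),
}

if __name__ == "__main__":
    for case, result in RESULTS.items():
        print(f"{case:28} -> {result}")
```

The isolation holds only while the two keys share no material and the verifier pins the algorithm, issuer and audience itself.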
/forest-admin
🔒 Forest Admin Auth
👀 What you see
The Dashboard is your "first room" after logging in. The dark left sidebar is now visible on every page from here on — it's how you navigate everything. From top to bottom you'll see: Dashboard, God's View, God's Eye, Live Activity, Tenants, Plans, Revenue Ledger, Controls, Monitoring, Analytics, Backups, Error Log, Admin Users, Platform Config, Audit Trail, My Profile.
The top bar shows today's date, the server's IP address, a green LIVE indicator, theme toggle, and your operator badge ("Forest Admin").
The main area shows four big KPI cards across the top:
- Total Tenants — every customer company on the platform
- Active Subscriptions — paid + currently valid
- Monthly Recurring Revenue (MRR) — predictable income
- Revenue (30 Days) — actual money received in the last month, with a smaller "Lifetime KES X" figure underneath
Below the KPIs are two wider panels: Plan Distribution (a pie chart of how many tenants are on each plan) and Recent Tenants (the latest signups). At the bottom of the page are three smaller status cards: Suspended, Provisioned (24h), and Active Subscriptions.
💡 Why it matters
One screen tells you "is the business healthy today?" If MRR drops or Suspended count climbs, this is where you see it first.
🎯 What to do here
Glance at the four KPIs to take the platform's pulse. If something looks off, click the matching item in the sidebar (e.g., low MRR → click Revenue Ledger; many suspended → click Tenants) to drill down.
🚨 Red flags / things to watch out for
All zeros (like in this screenshot) is normal on a brand-new install with no real customers yet. On a live platform, all-zeros means data isn't loading — check the Monitoring page for service health.
Technical details (for developers)
Route: /forest-admin
API endpoints called:
GET /api/platform/forest-admin/dashboard
Observed network requests during the crawl:
| Status | URL |
|---|---|
| 200 | /api/platform/forest-admin/me |
| 200 | /api/platform/forest-admin/dashboard |
/forest-admin/tenants
🔒 Forest Admin Auth
👀 What you see
The Tenants page is the company directory of everyone who has signed up. The header shows the page title "Tenants" with the date underneath. On the right are filter tabs: All, Active, Suspended, Deprovisioned — click any to narrow the list.
Below the filter is a table with the columns: Company, Slug, Plan, Status, Provisioned, and Actions. In this screenshot the table is empty ("0 total tenants") because the production database has no signups yet. Pagination controls (Prev / Page 1 / Next) sit on the right.
💡 Why it matters
This is your CRM-style master list. Every company that signed up — whether they finished payment or not — appears here. Click a row to drill into a specific tenant's details, suspend them, view their database stats, or rotate their security keys.
🎯 What to do here
- Use the filter tabs to find what you're looking for (e.g., Suspended if you're investigating a churned customer).
- Click any row to open that tenant's detail page.
- Use the Actions column for quick operations like suspend / reactivate.
🚨 Red flags / things to watch out for
If a tenant has been "Pending" provisioning for more than a few minutes, something is wrong with the background worker — check the Error Log next.
Technical details (for developers)
Route: /forest-admin/tenants
API endpoints called:
GET /api/platform/forest-admin/tenants
Observed network requests during the crawl:
| Status | URL |
|---|---|
| 200 | /api/platform/forest-admin/me |
| 200 | /api/platform/forest-admin/tenants?page=1&pageSize=20 |
/forest-admin/plans
🔒 Forest Admin Auth
👀 What you see
The Subscription Plans page shows every plan you offer customers, side by side as cards. There are three plans: Enterprise, Professional, Starter. Each card shows:
- Plan name and a count of active subscribers currently on it
- Pricing: Monthly, Quarterly, and Yearly prices in KES (currently set to test values: KES 1 / 2 / 3 for Starter / Professional / Enterprise monthly — these are intentionally small for testing)
- Limits: max admin seats, max applications, max active licenses
- Revenue Share % — what cut of customer payments goes to the platform
- Edit (pencil) and Delete (trash) icons in the top-right of each card
A green "+ Add Plan" button at the top right lets you create a brand-new plan.
💡 Why it matters
Plans are what you sell. Changes here affect every new signup immediately and the next billing cycle for existing tenants. Be careful — bumping a price affects revenue but also customer churn risk.
🎯 What to do here
- Click the pencil icon on a plan to edit pricing or limits.
- Click "+ Add Plan" to create a new tier (e.g., a custom Enterprise+ tier).
- Avoid deleting a plan that still has active subscribers — deprecate it instead by setting its hidden flag.
🚨 Red flags / things to watch out for
If a plan shows "0 active subscribers" but you know customers are on it, the database connection from the Forest Admin panel is broken — check Monitoring.
Technical details (for developers)
Route: /forest-admin/plans
API endpoints called:
GET /api/platform/forest-admin/subscription-plans
Observed network requests during the crawl:
| Status | URL |
|---|---|
| 200 | /api/platform/forest-admin/me |
| 200 | /api/platform/forest-admin/subscription-plans |
/forest-admin/backup-health
🔒 Forest Admin Auth
👀 What you see
The Backup Health page is a fleet-wide view of database backup status across every tenant. The subtitle reads "Cross-tenant backup status overview".
At the top are three summary cards:
- Total Tenants — how many tenants have a backup schedule
- Healthy — tenants whose last backup completed on schedule
- Overdue / Errors — tenants needing attention (this number should always be zero!)
Below the cards is a table with columns: Tenant, Health, Last Full, Last Log, Schedule. A Refresh button is at the top right.
💡 Why it matters
Backups are your safety net. If a tenant's database corrupts or someone deletes data, this page tells you whether you have a recent restore point. Overdue backups = potential data loss.
🎯 What to do here
- Glance at the Overdue/Errors count. If it's anything other than zero, click the row to see which tenant is failing.
- Use the Refresh button if the data looks stale.
- If a tenant has been "Overdue" for >24h, escalate immediately — that's a real risk.
🚨 Red flags / things to watch out for
Any number in the red Overdue / Errors card is a P1 incident. A backup error usually means the SQL Server backup target is out of space, the Azure Blob credentials are wrong, or the tenant database has gone offline.
Technical details (for developers)
Route: /forest-admin/backup-health
API endpoints called:
GET /api/platform/forest-admin/backup-health
Observed network requests during the crawl:
| Status | URL |
|---|---|
| 200 | /api/platform/forest-admin/me |
| 200 | /api/platform/forest-admin/backup-health |
/forest-admin/settings
🔒 Forest Admin Auth
👀 What you see
The Platform Settings page (labelled "Platform Config" in the sidebar) is the central control panel for every secret and configuration knob on the platform. It's a grid of colour-coded cards, each grouping related settings:
- SMTP Mail (cyan) — outbound email server, login credentials, "from" address
- Encryption Keys — AES key fingerprint for tenant connection-string encryption
- JWT Auth (red) — JSON web token signing key and issuer settings
- Web Portal (green) — frontend URL, allowed origins, and CORS
- Cron Schedule (purple) — when background jobs run
- Application Defaults (orange) — grace period days, default device limit, defaults applied to new tenants
- System Health (gray) — health check thresholds
- Platform Branding (purple) — colors, logos, the "powered by" footer text
- PesaPal / payment cards — consumer key, secret, callback URLs, currency
Each card has form fields you can edit. A Save button at the bottom commits all changes at once.
💡 Why it matters
This is "mission control" for the platform. A typo in any field here can break things instantly — wrong SMTP credentials = no emails go out; wrong PesaPal callback = signups can't complete payment. Sensitive values (passwords, API keys) are encrypted at rest in the database.
🎯 What to do here
- Find the card for the setting you need to change.
- Edit the field — placeholder text shows the current value pattern.
- Click Save at the bottom of the page.
- For credential changes (PesaPal, SMTP), test immediately by trying to send a test email or initiating a test signup.
🚨 Red flags / things to watch out for
Never save a blank value for a critical key (JWT signing key, encryption key) — it will lock everyone out. If you see fields that are masked as "OVERRIDE_VIA_ENV", they are coming from environment variables and editing them here has no effect.
Technical details (for developers)
Route: /forest-admin/settings
API endpoints called:
GET /api/platform/forest-admin/platform-settings
Observed network requests during the crawl:
| Status | URL |
|---|---|
| 200 | /api/platform/forest-admin/me |
| 200 | /api/platform/forest-admin/settings |
/forest-admin/gods-view
🔒 Forest Admin Auth
👀 What you see
The God's View is a high-altitude live intelligence dashboard. The header reads "God's View — Platform-wide real-time intelligence" with a big emerald "Open God's Eye Map" button on the right (which jumps to the next page).
Five compact KPI cards line the top:
- Active Tenants — how many are doing anything right now
- Events Used — total platform events in the time window
- Unique Visitors — distinct users seen
- Top Countries — count of distinct countries
- Platform Revenue — running total in KES
Below the KPIs are two charts side by side: Event Breakdown (24h) (a pie chart of event types) and Top Countries (7d) (a leaderboard, currently empty with "No geolocation data yet"). Underneath those is a wide Hourly Activity (24h) bar chart, then a Most Active Tenants (24h) ranking panel at the bottom.
💡 Why it matters
This is the "is anyone using the platform right now?" answer. Whereas the Dashboard tells you "is the business healthy", God's View tells you "what's happening this minute".
🎯 What to do here
- Watch the Hourly Activity bars to spot unusual quiet periods or traffic spikes.
- Click Open God's Eye Map when you want a geographic view.
- Use the Most Active Tenants ranking to congratulate (or check on) your power users.
🚨 Red flags / things to watch out for
If activity drops to zero suddenly during business hours, the platform may be silently broken — check the Error Log and Monitoring pages.
Technical details (for developers)
Route: /forest-admin/gods-view
API endpoints called:
GET /api/platform/forest-admin/dashboard
Observed network requests during the crawl:
| Status | URL |
|---|---|
| 200 | /api/platform/forest-admin/me |
| 200 | /api/platform/forest-admin/gods-view |
/forest-admin/gods-eye
🔒 Forest Admin Auth
👀 What you see
The God's Eye is a full-screen dark world map showing where on Earth your customers' users are right now. The map fills almost the entire screen — you can see the continents (North America, Europe, Africa, Asia, Australia) drawn in muted dark grey/blue.
The toolbar across the top has:
- The page title God's Eye
- Time-range buttons: 1h, 6h, 12h, 24h, 3d, 7d (24h is highlighted by default)
- A Refresh button
- Four status pills on the right: 0 tenants, 0 online, 0 events, 0 users
Map controls (zoom +/-) sit in the top-left corner. When activity exists, coloured markers appear at each user's geo-located position; clicking a marker pops up details.
💡 Why it matters
It's the most visceral way to see your platform's reach. New tenants see their map fill up with dots from real users and feel the platform working. Geographic clusters help you understand where to invest in localised features (currency, language, support hours).
This page also enforces GDPR consent: tenants whose admin has set consent to "Disabled" never appear; tenants set to "Anonymised" show pseudonymised user IDs instead of real emails.
🎯 What to do here
- Pick a time range (1h shows live activity, 7d shows the bigger picture).
- Drag/zoom the map like Google Maps to focus on a region.
- Click any marker to see who that activity belongs to.
🚨 Red flags / things to watch out for
An empty map with non-zero stats means geo lookups are failing — the IP-to-location service may be rate-limited or down. The empty map you see in this screenshot is normal because production has no real user activity yet.
Technical details (for developers)
Route: /forest-admin/gods-eye
API endpoints called:
GET /api/platform/forest-admin/gods-eye
Observed network requests during the crawl:
| Status | URL |
|---|---|
| 200 | /api/platform/forest-admin/me |
| 200 | /api/platform/forest-admin/gods-eye?hours=24&limit=1000 |
| 200 | /api/platform/forest-admin/gods-eye?hours=24&limit=1000 |
/forest-admin/controls
🔒 Forest Admin Auth
👀 What you see
The Platform Controls page is your "operational levers" panel. Subtitled "Session management, performance tuning, cache ops, diagnostics".
Four tabs across the top let you switch between:
- Sessions (currently active) — every signed-in user across all tenants
- Performance — live latency / error data
- Cache — Redis status and clear-cache buttons
- Diagnostics — health probes for each backing service
The Sessions tab shows "0 active sessions" right now. The table beneath has columns: Tenant, User, Created, Expires, Actions. A Refresh button updates the list.
💡 Why it matters
This is where you act, not just observe. If a misbehaving user needs to be kicked out, you do it here. If the cache is serving stale data, you clear it here. If the health checks are showing red, you diagnose them here.
🎯 What to do here
- Use the Sessions tab to see who's logged in. Click the action icon to revoke a session immediately.
- Use the Performance tab to spot slow endpoints (this is the API performance table you've seen before).
- Use the Cache tab if customers are reporting outdated info — a cache flush often fixes it.
- Use the Diagnostics tab when something is broken and you don't know what.
🚨 Red flags / things to watch out for
If the Diagnostics tab shows ANY service in red, treat it as P1 — at least one downstream dependency is unhealthy.
Technical details (for developers)
Route: /forest-admin/controls
API endpoints called:
GET /api/platform/forest-admin/controls/api-performance
Observed network requests during the crawl:
| Status | URL |
|---|---|
| 200 | /api/platform/forest-admin/me |
| 200 | /api/platform/forest-admin/controls/sessions |
/forest-admin/monitoring
🔒 Forest Admin Auth
👀 What you see
The Monitoring page is your live health dashboard for the platform infrastructure. Subtitled "Real-time platform infrastructure health and performance".
At the top are four green status cards: Running (the API), Connected (database), Connected (Redis), All Healthy (overall). All green = the platform is up.
Below those are panels for:
- System Resources — CPU and memory bars showing how stressed the server is
- Activity (24h) — counters for login attempts, MFA challenges, license events, etc.
- Event Types (24h) — info banner about event categorisation
Two big metric cards (KES 0 / KES 0) show recent revenue activity. Then comes the API Endpoint Performance table — every endpoint listed with columns for Method, Requests, Errors, Error %, Avg latency, P95, and Max. At the very bottom is a Per-Tenant API Performance section.
💡 Why it matters
If something is wrong with the platform, this is the first page you check. The four green cards at the top should all stay green — if any goes red, there's a real outage. The endpoint table tells you which API routes are slow or failing.
🎯 What to do here
- Glance at the four status cards. All green = healthy.
- Check System Resources — sustained >80% CPU or >90% memory means you should consider upgrading the server.
- Scan the API Endpoint Performance table — anything with >1% error rate or >500ms p95 latency deserves investigation.
- If a row has high errors but you know what's causing it (e.g., expected 401s on /login), it's fine — only 5xx now counts as a real "error" after our recent fix.
🚨 Red flags / things to watch out for
Any of the four top cards going red. Sustained CPU above 90%. Any endpoint with a non-zero error count: since the recent fix, these are 5xx responses, which always indicate a server bug.
Technical details (for developers)
Route: /forest-admin/monitoring
API endpoints called:
GET /health/ready
GET /api/platform/forest-admin/controls/diagnostics
Observed network requests during the crawl:
| Status | URL |
|---|---|
| 200 | /api/platform/forest-admin/me |
| 200 | /api/platform/forest-admin/controls/api-performance |
| 200 | /api/platform/forest-admin/controls/api-performance/tenants |
| 200 | /api/platform/forest-admin/backup-health |
| 200 | /api/platform/forest-admin/controls/diagnostics |
| 200 | /api/platform/forest-admin/gods-view |
/forest-admin/analytics
🔒 Forest Admin Auth
👀 What you see
The Analytics page is the business analytics dashboard. Subtitled "Platform-wide business analytics and growth metrics" with a Refresh button.
Four KPI cards across the top:
- MRR (Monthly Recurring Revenue)
- Platform Revenue (total earned)
- Active Tenants
- Active Users (24h)
Below those are two big panels: Subscription Plan Mix (currently shows "No subscriptions yet") which becomes a pie chart when there's data, and Geographic Distribution (7d) ("Geo data appears when users access the platform") which becomes a country leaderboard.
💡 Why it matters
This is where you answer "is the business growing?". Whereas the Dashboard is for daily ops, Analytics is for trend-spotting and planning.
🎯 What to do here
- Compare MRR week-over-week to spot growth or churn.
- Watch the Plan Mix to see which tier customers prefer — adjust pricing accordingly.
- Use Geographic Distribution to understand where to focus marketing.
🚨 Red flags / things to watch out for
MRR going down two months in a row is a churn signal — investigate which tenants cancelled.
Technical details (for developers)
Route: /forest-admin/analytics
API endpoints called:
GET /api/platform/forest-admin/dashboard
Observed network requests during the crawl:
| Status | URL |
|---|---|
| 200 | /api/platform/forest-admin/me |
| 200 | /api/platform/forest-admin/revenue-ledger?pageSize=10 |
| 200 | /api/platform/forest-admin/gods-view |
/forest-admin/revenue-ledger
🔒 Forest Admin Auth
👀 What you see
The Revenue Share Ledger is your accountant's view — every payment that ever flowed through the platform, with the platform's cut clearly broken out. Filter tabs at the top: All, Completed, Pending, Failed. A CSV export button is at the right.
The table has these columns: Tenant, Gross (what the customer paid), Fee (what PesaPal took), Platform Share (what you keep), Net (what gets disbursed to the tenant), Status, and Date.
The screenshot shows "0 total transactions" because no real payments have happened yet on this fresh install.
💡 Why it matters
This is the source of truth for "how much money have we made". Auditors, accountants, and finance teams will live in this page. The CSV export is what you give your bookkeeper at month-end.
It also shows failed disbursements — payments where the platform owes the tenant money but the transfer hasn't gone through. Those need active management.
🎯 What to do here
- Switch the filter tabs to investigate by status. Always check Failed first — failed disbursements mean a tenant is owed money.
- Click CSV at month-end to download for your accounting system.
- Click any row to see the full transaction details, retry failed disbursements, or contact support.
🚨 Red flags / things to watch out for
Anything in the Failed tab is money you owe but haven't paid. Old failed disbursements damage trust — resolve them within 24 hours.
Technical details (for developers)
Route: /forest-admin/revenue-ledger
API endpoints called:
GET /api/platform/forest-admin/revenue-ledger
Observed network requests during the crawl:
| Status | URL |
|---|---|
| 200 | /api/platform/forest-admin/me |
| 200 | /api/platform/forest-admin/revenue-ledger?page=1&pageSize=30 |
/forest-admin/admin-users
🔒 Forest Admin Auth
👀 What you see
The Admin Users page (sidebar item: "Admin Users") manages other Forest Admin operators. Subtitled "Manage Forest Admin users who can access this control panel". A green "+ Invite Admin" button is on the top right.
The table lists every Forest Admin with columns: Email (with avatar), Status (Active / Disabled badge), MFA (on/off icon), Last Login, Created, Actions. In this screenshot you can see forestadmin@scalegate.io: marked Active, no MFA enabled, last login 10 Apr 2026 07:15, created 05 Apr 2026, with a red Disable action link.
💡 Why it matters
Forest Admins have keys to the kingdom. Anyone in this list can suspend tenants, change pricing, read every audit log, and edit platform secrets. Treat this list with extreme care — the principle of least privilege applies.
🎯 What to do here
- Click "+ Invite Admin" to add a new operator. They'll receive a temporary password and must change it on first login.
- Click Disable immediately when someone leaves the team — never delete (you want the audit history preserved).
- Periodically check the MFA column — every Forest Admin should have MFA enabled.
🚨 Red flags / things to watch out for
Any Forest Admin with MFA off, or a "Last Login" from an unexpected location. Any account you don't recognise — could be a compromise.
Technical details (for developers)
Route: /forest-admin/admin-users
API endpoints called:
GET /api/platform/forest-admin/admins
Observed network requests during the crawl:
| Status | URL |
|---|---|
| 200 | /api/platform/forest-admin/me |
| 200 | /api/platform/forest-admin/admins |
/forest-admin/error-log
🔒 Forest Admin Auth
👀 What you see
The Error Log is the cross-tenant error and failure feed. Subtitled "Cross-tenant error and failure events from platform + all tenants". Time-range chips on the top right: 1h, 6h, 12h, 24h, 3d, 7d (with a Refresh button).
Three KPI cards: Total Errors, Platform Errors (errors in the platform DB itself), and Tenant Errors (errors inside individual tenant databases).
Below the KPIs is a table with columns Time, Source, Tenant, Action, Detail, and IP. Currently empty: "No errors in the last 24 hours" — which is exactly what you want to see.
💡 Why it matters
It's the unified place to see things that broke — across the platform AND every tenant database — without SSH'ing into the server. When a customer says "it didn't work", this is where you find proof.
🎯 What to do here
- If you've just made a change to platform settings, refresh this page after a minute to see if anything new errored.
- Use the time-range chips to widen the search if you're investigating something that happened earlier.
- Click any row to expand the full stack trace and request context.
🚨 Red flags / things to watch out for
A sudden burst of errors of the same type usually indicates a deployment regression or an external service (PesaPal, Azure Blob, SMTP) being down.
Technical details (for developers)
Route: /forest-admin/error-log
API endpoints called:
GET /api/platform/forest-admin/error-log
Observed network requests during the crawl:
| Status | URL |
|---|---|
| 200 | /api/platform/forest-admin/me |
| 200 | /api/platform/forest-admin/error-log?hours=24&limit=200 |
/forest-admin/audit-log
🔒 Forest Admin Auth
👀 What you see
The Platform Audit Trail is the immutable record of every action ever taken on the platform by a Forest Admin or by the system itself. The page header has a search box and filter chips for narrowing by action type.
The table is busy in this screenshot — many rows of GodEyeQuery entries with green "Completed" status badges, all from forestadmin@scalegate.io, with timestamps and the IP address of the request. Each row also has an ENTITY ID column showing what was acted on. Pagination is at the bottom.
💡 Why it matters
Compliance, forensics, and accountability. If something changed and nobody knows why, the audit trail tells you who, when, where (IP), and exactly what. This is also your evidence for SOC 2 / ISO 27001 audits.
Audit entries are append-only — they can never be edited or deleted, even by Forest Admins.
🎯 What to do here
- Use the search box to filter by actor email, action name, or entity ID.
- Investigate any unexpected actions, especially around suspending tenants, changing plans, or editing platform settings.
- For an audit, click an entry to see the full before/after JSON of the change.
🚨 Red flags / things to watch out for
Actions taken from an IP address you don't recognise. Mass changes happening at unusual hours. Any "Failed" badge on a sensitive action — somebody tried something they couldn't do.
Technical details (for developers)
Route: /forest-admin/audit-log
API endpoints called:
GET /api/platform/forest-admin/audit-log
Observed network requests during the crawl:
| Status | URL |
|---|---|
| 200 | /api/platform/forest-admin/me |
| 200 | /api/platform/forest-admin/audit-log?page=1&pageSize=30 |
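The three audit-trail red flags above, expressed as detection logic over exported rows. This is an added example, not part of the product: the row field names, the sensitive action names other than GodEyeQuery, the known network range, the working hours and the burst threshold are all assumptions, and the sample rows are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions for this example, not values from the product:
KNOWN_NETWORKS = [ip_network("203.0.113.0/24")]    # operator office/VPN egress
SENSITIVE = {"TenantSuspend", "PlanUpdate", "PlatformSettingsUpdate"}  # hypothetical names
WORK_HOURS = range(6, 20)                           # 06:00-19:59, timestamps in local time
BURST_COUNT, BURST_WINDOW = 5, timedelta(minutes=10)


def review(rows):
    """Return (rule, actor, time, detail) tuples for the three red flags."""
    findings = []
    recent = defaultdict(deque)   # actor -> times of off-hours sensitive actions
    in_burst = set()              # actors already reported for the current burst
    for row in sorted(rows, key=lambda r: datetime.fromisoformat(r["time"])):
        ts = datetime.fromisoformat(row["time"])
        actor, action = row["actor"], row["action"]

        # Red flag 1: request came from an address outside the known ranges.
        if not any(ip_address(row["ip"]) in net for net in KNOWN_NETWORKS):
            findings.append(("unknown_ip", actor, row["time"], row["ip"]))

        # Red flag 2: a sensitive action that was attempted and refused.
        if action in SENSITIVE and row["status"] == "Failed":
            findings.append(("failed_sensitive", actor, row["time"], action))

        # Red flag 3: many sensitive changes by one actor at unusual hours.
        if action in SENSITIVE and ts.hour not in WORK_HOURS:
            window = recent[actor]
            window.append(ts)
            while ts - window[0] > BURST_WINDOW:
                window.popleft()
            if len(window) >= BURST_COUNT:
                if actor not in in_burst:      # report each burst once
                    in_burst.add(actor)
                    findings.append(("off_hours_burst", actor, row["time"],
                                     f"{len(window)} sensitive actions within {BURST_WINDOW}"))
            else:
                in_burst.discard(actor)
    return findings


def make_row(time, actor, action, status, ip, entity_id):
    return {"time": time, "actor": actor, "action": action,
            "status": status, "ip": ip, "entity_id": entity_id}


# Constructed sample rows (documentation IP ranges, example.com actors).
SAMPLE_ROWS = [
    make_row("2026-01-15T09:02:11", "ops-a@example.com", "GodEyeQuery",
             "Completed", "203.0.113.10", "-"),
    make_row("2026-01-15T10:00:00", "ops-b@example.com", "PlanUpdate",
             "Failed", "203.0.113.11", "plan-2"),
    make_row("2026-01-15T11:00:00", "ops-a@example.com", "GodEyeQuery",
             "Completed", "198.51.100.7", "-"),
] + [
    make_row(f"2026-01-15T02:0{m}:00", "ops-c@example.com", "TenantSuspend",
             "Completed", "203.0.113.12", f"tenant-{m}")
    for m in range(6)
]

if __name__ == "__main__":
    for rule, actor, when, detail in review(SAMPLE_ROWS):
        print(f"{when}  {rule:17} {actor:20} {detail}")
```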
/forest-admin/tenant-activity
🔒 Forest Admin Auth
👀 What you see
The Live Activity page (sidebar: "Live Activity") is a federated feed of what's happening inside every tenant database — logins, payments, license events. Subtitled "Live activity feed across all tenants - logins, payments, license events". Time-range chips on the right (1h / 6h / 12h / 24h / 3d / 7d).
Four KPI cards across the top: Total Events, Tenants, Active Tenants, Events/Active (events per active tenant — a density measure).
Below the KPIs are a search box and an "All types" dropdown for filtering by event type. The main panel currently says "No activity in the selected time window" because production has no real users yet.
💡 Why it matters
Whereas the Audit Log is about Forest Admin actions, this page is about end-user actions inside each tenant. It's the cross-tenant version of "what's everyone doing right now". Useful for support — when a customer says "we tried to log in", you can verify it actually happened.
🎯 What to do here
- Use the search box to find events for a specific user or license key.
- Use the type dropdown to filter to just logins, payments, or activations.
- Watch the Events/Active card to see if any tenant is unusually busy — that may indicate either rapid growth or abuse.
🚨 Red flags / things to watch out for
A tenant with an enormous Events/Active count compared to peers may be running automated scripts against your API — could be legitimate, could be abuse.
Technical details (for developers)
Route: /forest-admin/tenant-activity
API endpoints called:
GET /api/platform/forest-admin/tenant-activity
Observed network requests during the crawl:
| Status | URL |
|---|---|
| 200 | /api/platform/forest-admin/me |
| 200 | /api/platform/forest-admin/tenant-activity?hours=24&page=1&pageSize=100 |
/forest-admin/profile
🔒 Forest Admin Auth
👀 What you see
The My Profile page is where you manage your own Forest Admin account. It shows four stacked panels:
- Profile (green header) — your avatar, email (forestadmin@scalegate.io), a green "FOREST ADMIN" badge, an amber "MFA Inactive" warning badge, and your last-login timestamp.
- Change Password (purple header) — three fields: Current Password, New Password (min 8 characters), Confirm New Password, and a purple Update Password button.
- Two-Factor Authentication (blue header) — currently shows an amber "MFA is not enabled" warning with a description "Add an extra layer of security to your Forest Admin account" and a blue Set Up MFA button.
- Session Information (gray header) — four data points: Account Created (05 Apr 2026), Last Login (10 Apr 2026 07:15), MFA Status (Disabled), Account Status (Active).
💡 Why it matters
This is where you secure yourself. The single most important thing on this page is the Set Up MFA button — every Forest Admin should have MFA enabled. Your password alone is not enough protection for keys-to-the-kingdom access.
🎯 What to do here
- Set up MFA right now if you haven't — click "Set Up MFA", scan the QR code with Google Authenticator or 1Password, and enter the 6-digit code to confirm.
- Change your password if you suspect it's been seen by anyone else, or every 90 days as a habit.
- Note your "Last Login" timestamp — if it doesn't match when YOU last logged in, your account may be compromised.
🚨 Red flags / things to watch out for
"MFA is not enabled" — fix this immediately. Any "Last Login" you don't recognise — change your password and disable then re-enable MFA.
Technical details (for developers)
Route: /forest-admin/profile
API endpoints called:
GET /api/platform/forest-admin/me
Observed network requests during the crawl:
| Status | URL |
|---|---|
| 200 | /api/platform/forest-admin/me |
| 200 | /api/platform/forest-admin/me |

















