A workspace is a tenant: its own members, roles, settings, and security policy. You belong to one or more workspaces and switch between them from the topbar. This page covers workspace settings, managing members, switching or creating workspaces, the security policy, and the audit log.
Menu: Account → Workspace settings · Route: /admin/workspace/settings
Edit workspace settings
- In the topbar, open Account → Workspace settings.
- The form opens at
/admin/workspace/settings.
- Edit any of the fields below, then save.
| Field | Description |
|---|
| Name | Display name of the workspace |
| Slug | URL-safe identifier used when switching |
| Environment | production, staging, or sandbox |
| Region | Hosting region |
| Organization | Owning organization |
Manage members
The Members table lists each user, the role(s) they hold, and their member since date. This page manages membership for the current workspace only. Adding, editing, or removing users across all workspaces at once is a separate super-admin console described in Users, roles & permissions.
Invite a member
- Click Invite member.
- Enter the person’s email and choose a role.
- Send the invitation. The outcome depends on the email:
- the person already has an account → they are added immediately;
- they have no account → an invitation email is sent;
- they are already in this workspace → you are told so and nothing changes.
You can only grant roles you yourself hold (anti-escalation).
Remove a member
Use the Remove action on a member’s row. You cannot remove yourself.
Pending invitations
Invitations that have not yet been accepted appear in the Pending invitations table, where you can cancel them.
Switch or create a workspace
- Switch: use the workspace dropdown in the topbar. Selecting a workspace posts to
POST /admin/workspace/switch/{slug} and reloads in that context.
- Create: choose Create new workspace (
/admin/workspace/new) and fill in name, slug, environment, region, and organization. You become the owner and are switched into the new workspace automatically.
Set the security policy
Required security methods apply to everyone in the workspace.
- Open Required security methods (
/admin/account/workspace/required-methods).
- Configure the policy, then save.
| Setting | Description |
|---|
| Require 2FA | Members must enable two-factor authentication |
| Require passkey | Members must register a passkey |
| Require device approval | New devices must be approved before sign-in |
| Session TTL (minutes) | How long a session stays valid (default 480) |
| Admin recovery | Allow admins to assist with account recovery |
| Allowed email domains | Restrict membership to listed domains |
Tightening these settings can lock out members who have not yet met the requirement. Communicate changes before you save.
Review the audit log
- Open the Admin audit log (
/admin/account/workspace/audit).
- The log is paginated (30 entries per page).
Each entry records the date, the actor, the action, the affected entity, and a change payload (JSON) describing what changed.
Permissions
| Action | Permission |
|---|
| View workspace | comerix.workspace.view |
| Edit settings, members & switching | comerix.workspace.manage |
| Manage security policy | comerix.workspace.policy.manage |
| View the audit log | comerix.workspace.audit.view |
Related pages
