Dashboard surfaces
The dashboard at /admin/ui/orgs/<slug> is the operator surface for an Upwarden tenant — investigating verdicts, editing policy, managing members, wiring identity, reading the audit trail. Every page here is server-rendered and shareable by URL; every filter round-trips through the query string.
This page maps each surface to the question it answers. If you’re trying to figure out where to do something, scan the descriptions; the linked page tells you how.
Page-anchored docs
Section titled “Page-anchored docs”Each entry: the page, what it lets you do, the personas it’s primarily for.
- Audit log — read every install decision, membership change, policy override, and OAuth login for the org, with tier-windowed retention and CSV export on Org+.
[security] [org-admin] - Packages search — look up an org’s verdict for any package, see the assessed-versions table, blocklist hits, allowlist pins, and the recent audit fragment from one screen.
[security] [dev] - Policies and overrides — edit the org’s enforcement policy (global blocklist inheritance, allowlist) and, on Org+, deviate from Upwarden’s tier defaults with a typed acknowledgement.
[security] [org-admin] - Members and teams — invite, demote, suspend, remove; manage which teams a member belongs to and which projects a team owns; cycle role-vs-capability overrides on the permissions matrix.
[org-admin] [security] - Identity & SSO panel — bind the tenant to a Stytch organization, configure SAML / OIDC connections, claim email domains for JIT auto-join, read the JWKS URL.
[security] [devops] - Your account and step-up auth — manage your own profile, sessions, passkeys, recovery codes, and read what the “Confirm it’s you” re-auth prompt does.
[dev] [org-admin] - Usage and billing — current-month scan count vs your tier’s soft / hard cap, 12-month history, and the link out to seat management.
[org-admin] [security]
Widget references
Section titled “Widget references”Reusable explanations of the dashboard widgets that appear inside the page-anchored surfaces above. Linked from the page docs as well, but indexed here so you can jump straight in if you’re trying to interpret a widget you already see.
- Verdict-mix donut — the 7-day SAFE / BLOCKED / QUARANTINED breakdown on the org overview.
[security] [org-admin] - Block-source mix — the 7-day BLOCKED-by-source bar (OSV, GHSA, fingerprint, size-jump, cooldown, …) on the org overview.
[security] [org-admin] - Advisory detail subpanel — the source / id / severity / summary of an advisory behind a BLOCKED row, rendered inline on the audit page and in the row detail panel.
[security] [org-admin] - Size-anomaly chip — the
size_jump_5x_median/tarball_too_largechip on the packages-search assessed-versions table.[security] [org-admin]
When you’d come back here
Section titled “When you’d come back here”- A developer pings with
[UPWARDEN] BLOCKED— start at packages search, pivot to the audit log if you need the actor trail. - A new admin needs to be added — members and teams.
- An audit asks “why is
audit_retention_days90 not 365?” — policies and overrides, then check thepolicy_override_loosenedenvelope in the audit log. - Onboarding a fresh tenant — start with identity & SSO to bind Stytch, then walk down to policies, members, and finally the audit log to confirm activity.