Account and administration

Manage user identity, sessions and API tokens, plus instance registration, SMTP, users, administrators, and data transfer.

Account settings belong to the signed-in user. Administration settings affect the entire Netstamp instance and require system administrator access.

Account settings

Open the user menu and select Account to manage:

  • display name;
  • email address and verification;
  • local password;
  • linked OIDC, Google, or GitHub identities;
  • active browser sessions and their user agents;
  • personal API tokens;
  • account deactivation.

Sensitive changes require recent authentication. Netstamp may ask for the current password or redirect through a linked provider before continuing.

Do not remove the last authentication method from an account. Before changing an external provider or email domain, add and test a fallback method.

Sessions

Sessions are server-side and backed by an opaque HTTP-only cookie. Account settings list active sessions. Revoke an unfamiliar session immediately, or revoke all sessions after a suspected account compromise.

The default idle lifetime is 24 hours and the absolute lifetime is 7 days; operators can change both with controller configuration.

System administrator bootstrap

The first successfully registered account becomes a system administrator. Netstamp prevents removal of the last active system administrator.

System administrators can:

  • change registration, email-verification, public-origin, and SMTP settings;
  • list, disable, or re-enable users;
  • set or clear a user’s local password;
  • grant or revoke system administrator access;
  • export and import an administrative JSON data package.

System administrator access does not grant project membership.

Instance settings

Stored Admin settings override environment fallbacks. Secret settings are encrypted with SYSTEM_SETTINGS_ENCRYPTION_KEY. After changing SMTP or origins, test email links, external login callbacks, and probe installer output.

Disabling registration blocks new local registrations. JIT provisioning at an external provider is a separate policy and should be reviewed at the same time.

User recovery

An administrator may set a temporary local password for an existing user or clear a compromised password. Deliver temporary credentials through a secure channel and require the user to replace them after sign-in.

Disabling a user prevents sign-in and protected API access. It does not delete project history or monitoring data.

Data export and import

The Admin data package is useful for application-level transfer. Imports are privileged and can modify many tables. Take a PostgreSQL backup first, validate the package source and format, and perform a test restore before importing into production.

See Upgrade, backup, and restore for the disaster-recovery workflow.