Sign up
All guides

Admin guide

This guide covers the administrator topics: organizations, users & roles, billing & plans, and the screen-pairing security model.

Organizations (tenancy)

  • Every account works inside an organization (org). All your media, designs, playlists, and screens belong to one org and are isolated from other orgs.
  • If you belong to more than one org, an org switcher appears in the top bar.
  • Data is strictly tenant-scoped: a screen or design in one org is never visible to another.

Users & roles

Invite teammates from the Team section. Each member has a role that controls what they can do:

RoleCan do
ViewerView content and screens; no changes
EditorCreate and edit media, designs, compositions, playlists
AdminEverything Editor can, plus manage screens, schedules, team, and settings
OwnerFull control, including billing and deleting the org

Assign the least-privileged role that lets someone do their job. Owners and Admins should be a small group.

Finer-grained, per-action permissions (add / remove / publish / edit / view per

member) are planned but not yet available; today, control is at the role level.

Billing and plans

  • The Billing section shows your current plan, usage, and limits.
  • Plan limits (number of screens, total media storage, seats, feature flags) are enforced from the plan, not edited per-org by operators.
  • Upgrading raises your limits; you are prompted to upgrade when you hit a cap.
  • Storage usage is shown in the Media section; an "unlimited" allowance is displayed as such rather than as a number.

If you run an on-premise or owner-admin deployment, plan limits can be edited from the owner Admin console (super-admin only).

Screen pairing security

Understanding how screens authenticate keeps your displays secure:

  • A screen is unlocked until it pairs, then locked (it holds a pairing token). Locked is derived from the presence of that token — it is not a manual switch.
  • Pairing codes are short (6 characters), short-lived, and used once to register a display. After registering, the screen holds a long-lived token and never needs the code again.
  • An unlocked screen exposes a Generate pairing code action (with QR). A locked screen hides it — to re-pair, unlock the screen first, which invalidates its current token.
  • Because content is tenant-scoped, a paired screen can only ever play content from its own org.

Operational advice

  • Unlock and re-pair a screen if a display is lost, stolen, or repurposed — this revokes the old token.
  • Treat pairing codes like temporary passwords: don't share them more widely than needed; they expire quickly.
  • Use schedules and the emergency override to control content centrally rather than touching each display.

Related operational docs

For deployment, capacity, compliance, and player troubleshooting, see the operator docs alongside this guide:

  • docs/PLAYER-RUNBOOK.md
  • docs/TROUBLESHOOTING.md
  • docs/CAPACITY.md
  • docs/COMPLIANCE-EU.md

Ready to try it? Create a free workspace and follow along.

Open Vewport