Admin Controls
The Identity Graph has two configuration surfaces:
- Customer-facing settings at Settings → Identity Graph (in each company's portal) — see Identity Graph Settings for the customer-side walkthrough.
- Super-admin global defaults and per-company overrides described on this page — used to set the baseline that applies to every company, and to override individual tenants when needed.
Most tenants are happy with the customer-facing controls. The super-admin defaults exist so the operator can ship a sensible starting policy to every new company without each owner having to set everything from scratch, and so regulated tenants can be locked into a stricter posture.
Runtime gate — subscription-driven
The graph runs for any customer with an active, non-expired subscription. There's nothing for the customer to toggle:
- Active subscription → AI agents receive the graph context on every chat / call.
- Trial expired or subscription cancelled → graph context stops being assembled. AI prompts contain only the current session.
This decision is cached for 60 seconds per company, so subscription state changes propagate without overloading the database.
Global defaults
A single super-admin-owned document (one row in the identity_graph_defaults collection) holds the configuration that applies to every company by default. It carries:
- Enabled — master on/off for the graph.
- Capture Website Forms — whether the form-intercept script loads alongside the widget.
- AI Agent Context Sections — which sections to include in the AI prompt (Identity, Engagement, Past Conversations, CRM State, etc.). Empty means "include everything".
- Custom Intro — paragraph prepended to AI prompts globally.
- Limits —
max_recent_pages,max_past_conversations,max_extracted_facts. - Verification Policy —
permissive,moderate,strict, orregulated. - Trust Inbound Caller-ID — whether matching caller-ID counts as a verification trigger.
API:
| Method | Path | Purpose |
|---|---|---|
GET | /admin/identity/config/defaults | Read the current global defaults. |
PUT | /admin/identity/config/defaults | Update one or more default fields. |
Updates take effect within 60 seconds (per-process cache TTL on the resolver).
Per-company override
For specific tenants whose posture differs from the global default (e.g. a regulated-industry customer who needs verification_policy: regulated while the rest stay on strict), the admin can flip that company onto a custom config:
| Method | Path | Purpose |
|---|---|---|
PUT | /admin/identity/config/company/:id | Body: { use_custom_config: true, config: { … any subset of fields … } }. |
PUT | /admin/identity/config/company/:id | Body: { use_custom_config: false } returns the company to the global defaults. |
Companies with identity_graph_use_custom_config: false (the default) inherit the global config and don't carry their own copy.
Super-admin browsing (unchanged)
Identity Graph admin still surfaces under Admin → Identity:
- Persons — list of every Person, with profile and session counts.
- Person Detail — Company Profiles, Sessions, Bookings, Match Keys tabs.
- Person Profile Detail (per-tenant) — Forms, Facts, Bookings, CRM Enrichment, Identity Audit tabs.
- Person Profiles — paginated cross-tenant list.
- Form Submissions — every captured form across tenants.
- Markdown Preview (diagnostic) — given a session id, returns the exact markdown the AI would receive plus reasons it might be empty.
These are read-only. They're used for support — when a customer asks "why isn't the AI greeting my returning visitor?", an admin pulls up that visitor's Person, looks at the Identity Audit log on the matching Person Profile, and sees whether a verification event ever fired.