> ## Documentation Index
> Fetch the complete documentation index at: https://memberpulseptyltd.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Platform Settings

> Configure global platform settings, integrations, and system options

## Overview

Platform Settings provides administrators with centralized control over global configuration options that affect all organizations on the platform. This includes integration settings, feature flags, email configuration, and system-wide defaults.

## Settings Categories

<CardGroup cols={2}>
  <Card title="General Settings" icon="gear">
    Platform name, branding, and default configurations
  </Card>

  <Card title="Integration Settings" icon="plug">
    Third-party service connections and API keys
  </Card>

  <Card title="Feature Flags" icon="flag">
    Enable/disable platform features globally or per-tenant
  </Card>

  <Card title="Email Configuration" icon="envelope">
    SMTP settings and email template defaults
  </Card>

  <Card title="Security Settings" icon="shield">
    Authentication, MFA, and session policies
  </Card>

  <Card title="System Defaults" icon="sliders">
    Default values for new organizations
  </Card>
</CardGroup>

***

## General Settings

### Platform Branding

| Setting              | Type  | Description                         |
| -------------------- | ----- | ----------------------------------- |
| Platform Name        | Text  | Display name shown in emails and UI |
| Support Email        | Email | Default support contact email       |
| Support URL          | URL   | Link to support documentation       |
| Terms of Service URL | URL   | Link to terms of service            |
| Privacy Policy URL   | URL   | Link to privacy policy              |

#### Acceptance Criteria

##### Frontend

* [ ] Platform Branding workflow is implemented in the UI as described.

##### Backend / API

* [ ] Backend behavior supports Platform Branding as documented.

##### Permissions

* [ ] Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

##### Business Rules

* [ ] All business rules for this feature are enforced.

##### Error Handling

* [ ] Error states return clear messages and appropriate HTTP status codes.

### Regional Defaults

| Setting             | Type   | Description                                 |
| ------------------- | ------ | ------------------------------------------- |
| Default Timezone    | Select | Default timezone for new organizations      |
| Default Currency    | Select | Default currency (AUD, USD, GBP, EUR, etc.) |
| Default Date Format | Select | DD/MM/YYYY, MM/DD/YYYY, YYYY-MM-DD          |
| Default Language    | Select | Default UI language                         |

***

#### Acceptance Criteria

##### Frontend

* [ ] Regional Defaults workflow is implemented in the UI as described.

##### Backend / API

* [ ] Backend behavior supports Regional Defaults as documented.

##### Permissions

* [ ] Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

##### Business Rules

* [ ] All business rules for this feature are enforced.

##### Error Handling

* [ ] Error states return clear messages and appropriate HTTP status codes.

## Integration Settings

### Stripe Configuration

| Setting         | Type      | Required | Description                          |
| --------------- | --------- | -------- | ------------------------------------ |
| Stripe Mode     | Toggle    | Yes      | Live or Test mode                    |
| Publishable Key | Text      | Yes      | Public API key                       |
| Secret Key      | Secret    | Yes      | Private API key (encrypted)          |
| Webhook Secret  | Secret    | Yes      | Webhook signing secret               |
| Webhook URL     | Read-only | -        | URL to configure in Stripe dashboard |

<Info>
  Each organization can override Stripe settings with their own connected account for direct payments.
</Info>

#### Acceptance Criteria

##### Frontend

* [ ] Stripe Configuration workflow is implemented in the UI as described.

##### Backend / API

* [ ] Backend behavior supports Stripe Configuration as documented.

##### Permissions

* [ ] Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

##### Business Rules

* [ ] All business rules for this feature are enforced.

##### Error Handling

* [ ] Error states return clear messages and appropriate HTTP status codes.

### Xero Configuration

| Setting          | Type      | Required | Description           |
| ---------------- | --------- | -------- | --------------------- |
| Client ID        | Text      | Yes      | OAuth2 client ID      |
| Client Secret    | Secret    | Yes      | OAuth2 client secret  |
| Redirect URI     | Read-only | -        | OAuth callback URL    |
| Default Tax Rate | Text      | No       | Default tax rate code |

#### Acceptance Criteria

##### Frontend

* [ ] Xero Configuration workflow is implemented in the UI as described.

##### Backend / API

* [ ] Backend behavior supports Xero Configuration as documented.

##### Permissions

* [ ] Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

##### Business Rules

* [ ] All business rules for this feature are enforced.

##### Error Handling

* [ ] Error states return clear messages and appropriate HTTP status codes.

### Salesforce Configuration

| Setting         | Type   | Required | Description                                 |
| --------------- | ------ | -------- | ------------------------------------------- |
| Environment     | Select | Yes      | Production or Sandbox                       |
| Consumer Key    | Text   | Yes      | Connected app consumer key                  |
| Consumer Secret | Secret | Yes      | Connected app consumer secret               |
| Login URL       | Text   | Yes      | login.salesforce.com or test.salesforce.com |

#### Acceptance Criteria

##### Frontend

* [ ] Salesforce Configuration workflow is implemented in the UI as described.

##### Backend / API

* [ ] Backend behavior supports Salesforce Configuration as documented.

##### Permissions

* [ ] Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

##### Business Rules

* [ ] All business rules for this feature are enforced.

##### Error Handling

* [ ] Error states return clear messages and appropriate HTTP status codes.

### HubSpot Configuration

| Setting        | Type   | Required | Description                                  |
| -------------- | ------ | -------- | -------------------------------------------- |
| Portal ID      | Text   | Yes      | HubSpot portal/account ID                    |
| API Key        | Secret | Yes      | Private app API key                          |
| Sync Contacts  | Toggle | No       | Auto-sync members to HubSpot contacts        |
| Sync Companies | Toggle | No       | Auto-sync organizations to HubSpot companies |

#### Acceptance Criteria

##### Frontend

* [ ] HubSpot Configuration workflow is implemented in the UI as described.

##### Backend / API

* [ ] Backend behavior supports HubSpot Configuration as documented.

##### Permissions

* [ ] Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

##### Business Rules

* [ ] All business rules for this feature are enforced.

##### Error Handling

* [ ] Error states return clear messages and appropriate HTTP status codes.

### Email Provider (SMTP)

| Setting          | Type   | Required | Description                                |
| ---------------- | ------ | -------- | ------------------------------------------ |
| Provider         | Select | Yes      | SendGrid, Mailgun, Amazon SES, Custom SMTP |
| SMTP Host        | Text   | Yes      | Mail server hostname                       |
| SMTP Port        | Number | Yes      | Mail server port (587, 465, 25)            |
| SMTP Username    | Text   | Yes      | Authentication username                    |
| SMTP Password    | Secret | Yes      | Authentication password                    |
| From Address     | Email  | Yes      | Default sender email                       |
| From Name        | Text   | Yes      | Default sender name                        |
| Reply-To Address | Email  | No       | Default reply-to email                     |

***

#### Acceptance Criteria

##### Frontend

* [ ] Email Provider (SMTP) workflow is implemented in the UI as described.

##### Backend / API

* [ ] Backend behavior supports Email Provider (SMTP) as documented.

##### Permissions

* [ ] Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

##### Business Rules

* [ ] All business rules for this feature are enforced.

##### Error Handling

* [ ] Error states return clear messages and appropriate HTTP status codes.

## Feature Flags

Control which features are available across the platform.

### Global Feature Flags

| Flag                  | Default | Description                       |
| --------------------- | ------- | --------------------------------- |
| `enable_lms`          | On      | Learning Management System        |
| `enable_cpd`          | On      | CPD Point Tracking                |
| `enable_directory`    | On      | Business Directory                |
| `enable_job_board`    | On      | Job Board / Careers               |
| `enable_sponsorships` | On      | Sponsorship Management            |
| `enable_community`    | Off     | Community Features (Beta)         |
| `enable_ai_features`  | Off     | AI-powered features (Beta)        |
| `enable_sso`          | On      | Single Sign-On support            |
| `enable_mfa`          | On      | Multi-Factor Authentication       |
| `enable_api_access`   | On      | REST API access for organizations |

#### Acceptance Criteria

##### Frontend

* [ ] Global Feature Flags workflow is implemented in the UI as described.

##### Backend / API

* [ ] Backend behavior supports Global Feature Flags as documented.

##### Permissions

* [ ] Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

##### Business Rules

* [ ] All business rules for this feature are enforced.

##### Error Handling

* [ ] Error states return clear messages and appropriate HTTP status codes.

### Per-Tenant Overrides

Administrators can override global flags for specific organizations:

```
GET  /api/admin/tenants/{id}/features     # Get tenant feature flags
PUT  /api/admin/tenants/{id}/features     # Update tenant feature flags
```

***

#### Acceptance Criteria

##### Frontend

* [ ] Per-Tenant Overrides workflow is implemented in the UI as described.

##### Backend / API

* [ ] Backend behavior supports Per-Tenant Overrides as documented.

##### Permissions

* [ ] Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

##### Business Rules

* [ ] All business rules for this feature are enforced.

##### Error Handling

* [ ] Error states return clear messages and appropriate HTTP status codes.

## Security Settings

### Authentication

| Setting              | Type   | Default | Description                             |
| -------------------- | ------ | ------- | --------------------------------------- |
| Session Timeout      | Number | 24      | Hours until session expires             |
| Max Login Attempts   | Number | 5       | Failed attempts before lockout          |
| Lockout Duration     | Number | 30      | Minutes account is locked               |
| Password Min Length  | Number | 8       | Minimum password characters             |
| Require Uppercase    | Toggle | On      | Require uppercase letter                |
| Require Number       | Toggle | On      | Require numeric character               |
| Require Special Char | Toggle | Off     | Require special character               |
| Password Expiry Days | Number | 0       | Days until password expires (0 = never) |

#### Acceptance Criteria

##### Frontend

* [ ] Authentication workflow is implemented in the UI as described.

##### Backend / API

* [ ] Backend behavior supports Authentication as documented.

##### Permissions

* [ ] Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

##### Business Rules

* [ ] All business rules for this feature are enforced.

##### Error Handling

* [ ] Error states return clear messages and appropriate HTTP status codes.

### Multi-Factor Authentication

| Setting                      | Type         | Default     | Description                     |
| ---------------------------- | ------------ | ----------- | ------------------------------- |
| MFA Available                | Toggle       | On          | Allow users to enable MFA       |
| MFA Required (Admins)        | Toggle       | On          | Require MFA for platform admins |
| MFA Required (Client Admins) | Toggle       | Off         | Require MFA for client admins   |
| MFA Methods                  | Multi-select | TOTP, Email | Available MFA methods           |

#### Acceptance Criteria

##### Frontend

* [ ] Multi-Factor Authentication workflow is implemented in the UI as described.

##### Backend / API

* [ ] Backend behavior supports Multi-Factor Authentication as documented.

##### Permissions

* [ ] Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

##### Business Rules

* [ ] All business rules for this feature are enforced.

##### Error Handling

* [ ] Error states return clear messages and appropriate HTTP status codes.

### API Security

| Setting        | Type     | Default | Description                         |
| -------------- | -------- | ------- | ----------------------------------- |
| API Rate Limit | Number   | 1000    | Requests per hour per key           |
| API Key Expiry | Number   | 365     | Days until API key expires          |
| Require HTTPS  | Toggle   | On      | Reject non-HTTPS API requests       |
| IP Whitelist   | Textarea | -       | Allowed IP addresses (one per line) |

***

#### Acceptance Criteria

##### Frontend

* [ ] API Security workflow is implemented in the UI as described.

##### Backend / API

* [ ] Backend behavior supports API Security as documented.

##### Permissions

* [ ] Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

##### Business Rules

* [ ] All business rules for this feature are enforced.

##### Error Handling

* [ ] Error states return clear messages and appropriate HTTP status codes.

## System Defaults

Default values applied to new organizations.

### Membership Defaults

| Setting                    | Type   | Default      | Description                    |
| -------------------------- | ------ | ------------ | ------------------------------ |
| Default Member Role        | Select | ROLE\_MEMBER | Role for new members           |
| Require Email Verification | Toggle | On           | Verify email before activation |
| Auto-Approve Members       | Toggle | Off          | Auto-approve new registrations |
| Welcome Email Template     | Select | default      | Default welcome email          |

#### Acceptance Criteria

##### Frontend

* [ ] Membership Defaults workflow is implemented in the UI as described.

##### Backend / API

* [ ] Backend behavior supports Membership Defaults as documented.

##### Permissions

* [ ] Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

##### Business Rules

* [ ] All business rules for this feature are enforced.

##### Error Handling

* [ ] Error states return clear messages and appropriate HTTP status codes.

### Notification Defaults

| Setting             | Type   | Default | Description                |
| ------------------- | ------ | ------- | -------------------------- |
| Email Notifications | Toggle | On      | Enable email notifications |
| Digest Frequency    | Select | Daily   | Email digest frequency     |
| Admin Alerts        | Toggle | On      | Send alerts to admins      |

#### Acceptance Criteria

##### Frontend

* [ ] Notification Defaults workflow is implemented in the UI as described.

##### Backend / API

* [ ] Backend behavior supports Notification Defaults as documented.

##### Permissions

* [ ] Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

##### Business Rules

* [ ] All business rules for this feature are enforced.

##### Error Handling

* [ ] Error states return clear messages and appropriate HTTP status codes.

### Storage Defaults

| Setting            | Type         | Default        | Description               |
| ------------------ | ------------ | -------------- | ------------------------- |
| Max File Size      | Number       | 50             | Maximum upload size in MB |
| Allowed File Types | Multi-select | PDF, DOC, etc. | Permitted file extensions |
| Storage Quota      | Number       | 10             | GB per organization       |

***

#### Acceptance Criteria

##### Frontend

* [ ] Storage Defaults workflow is implemented in the UI as described.

##### Backend / API

* [ ] Backend behavior supports Storage Defaults as documented.

##### Permissions

* [ ] Access is restricted per the Capabilities matrix on this page (or equivalent role rules).

##### Business Rules

* [ ] All business rules for this feature are enforced.

##### Error Handling

* [ ] Error states return clear messages and appropriate HTTP status codes.

## Audit Log

All settings changes are logged for compliance and troubleshooting.

| Field      | Description               |
| ---------- | ------------------------- |
| Timestamp  | When the change occurred  |
| Admin      | Who made the change       |
| Setting    | Which setting was changed |
| Old Value  | Previous value            |
| New Value  | New value                 |
| IP Address | Admin's IP address        |

```
GET /api/admin/settings/audit-log    # View settings change history
```

***

## API Endpoints

```
GET    /api/admin/settings                    # Get all settings
GET    /api/admin/settings/{category}         # Get settings by category
PUT    /api/admin/settings/{category}         # Update settings category
POST   /api/admin/settings/test-email         # Send test email
POST   /api/admin/settings/test-integration   # Test integration connection
GET    /api/admin/settings/audit-log          # View audit log
```

## Access Control

<Warning>
  Platform Settings can only be accessed by users with the `ROLE_PLATFORM_ADMIN` role. All changes are logged and auditable.
</Warning>

## Features

### Platform Settings

#### Acceptance Criteria

##### Frontend

* [ ] Admin UI supports the workflows described on this page.

##### Backend / API

* [ ] Admin actions persist changes and are reflected across the product.

##### Permissions

* [ ] Only platform admins can access these screens.

##### Business Rules

* [ ] Changes are audited where applicable.

##### Error Handling

* [ ] Invalid operations display clear errors and do not partially apply changes.
