Realm9 Logo
Search documentation...

Configuration

Realm9 provides a range of organisation-level settings accessible to ADMIN and SUPER_ADMIN users under the Settings menu.

Organisation Settings

Path: /settings/organization

Configure core organisation properties:

  • Organisation Name: Display name used throughout the platform
  • Default Currency: Currency used for cost tracking and FinOps reporting
  • Disable Open Signup: Prevent new users from self-registering — invite-only mode
  • Auto-Provision Role: Role automatically assigned to users who sign up via SSO or invite
  • Domain Management: Add and verify email domains to control which addresses can join your organisation

Booking Limits

Path: /settings/booking-limits

Control how many bookings your organisation can create per calendar month:

  • Maximum Bookings Per Month: Set the monthly cap (1–10,000)
  • Usage Tracking: Live progress bar showing current month usage with colour thresholds (green < 70%, amber 70–89%, red ≥ 90%)
  • The count resets automatically on the 1st of each month
  • Cancelled and rejected bookings still count toward the limit

Approval Workflows

Path: /configuration/workflows

Define multi-level approval processes for environment bookings and environment requests:

Workflow settings:

  • Resource type — Booking Request or Environment Request
  • Active / inactive toggle
  • Default workflow (used when no specific workflow matches)
  • Auto-start — automatically trigger the workflow on submission
  • Allow skip — permit bypassing the workflow under certain conditions
  • Timeout — hours before the entire workflow expires
  • Send reminders — notify approvers at a configured interval (hours)

Per-level settings:

  • Level name and required approvals count
  • Approver type — Specific Users, Role-based, or Dynamic
  • Sequential or parallel approval within the level
  • Optional level (failure does not block the workflow)
  • Per-level timeout (independent of the workflow-level timeout)
  • Workspace attachment — link a Terraform workspace to execute at this level

The page has two tabs: Workflows (manage definitions) and Active Instances (running workflow instances, with Admin Override capability).

Custom Fields

Path: /settings/fields

Extend environment and booking data with organisation-specific fields:

  • Create field groups to organise related fields
  • Add fields with types: Text, Long text, Number, Yes/No, Date, Date & time, Dropdown
  • Reorder fields via drag-and-drop
  • Enable or disable field groups as needed

SSO & Authentication

Path: /settings/single-sign-on

Integrate with your identity provider for single sign-on. Four sub-pages:

Configurations — add and manage SSO providers:

  • Google — OAuth/OIDC (available on all tiers)
  • Azure AD — OAuth/OIDC or SAML 2.0 (Enterprise)
  • Okta — SAML 2.0 (Enterprise)
  • Generic SAML 2.0 — any SAML-compatible IdP (Enterprise)

Per-provider options: enable/disable, enforce MFA on SSO login, domain binding, role mapping (group-to-role).

Health — monitor SSO provider health. Shows circuit breaker state (Closed / Open / Half-open), health status (Healthy / Degraded / Unhealthy / Offline), and allows manual health check or circuit breaker reset.

Migrations — plan and execute a migration from one SSO provider to another, with rollback support (Enterprise only).

SCIM — manage SCIM 2.0 bearer tokens for automated user provisioning and deprovisioning. Set the default role assigned to auto-provisioned users.

See SSO & Authentication for full setup instructions per provider, health monitoring, SCIM, and migrations.

Session Security

Path: /settings/session-security

Control how user sessions are managed across devices:

  • Multiple Devices: Allow or restrict concurrent sessions per user
  • Device Limit Enforcement: Strictly enforce the maximum number of active devices
  • IP Address Binding: Tie sessions to the originating IP address
  • IP Change Handling: Define behaviour when a user's IP changes mid-session
  • Device Fingerprinting: Require device fingerprinting for additional session verification
  • Fingerprint Strength: Configure the strictness of fingerprint matching

LLM Configuration

Path: /settings/llm

Configure the AI model powering the System Assistant:

  • Provider: Select your LLM provider (e.g. OpenAI)
  • API Key: Enter your own API key (BYOK — Bring Your Own Key)
  • Chat Model: Choose the model used for assistant conversations
  • Embedding Model: Model used for semantic search and context retrieval
  • Max Tokens / Temperature: Tune response length and creativity
  • Rate Limits: Set requests-per-minute and tokens-per-minute caps
  • Usage Stats: View total tokens used and requests made

Terraform Policies

Path: /settings/terraform-policies

Create policy profiles that control how Checkov and other scanners behave on Terraform runs. Each profile has an enforcement mode:

ModeEffect
AdvisoryScan runs, results are recorded, nothing is blocked
Soft MandatoryFailures generate warnings and can be overridden by a Provisioner or Admin
Hard MandatoryFailures block the run — no override permitted

Set a profile as the default, or assign profiles per Terraform project.

Licensing

Path: /settings/licensing

Manage your Realm9 licence:

  • View current tier (Free, Starter, Enterprise) and status
  • Activate a licence key
  • Start or monitor a trial period
  • View feature limits for your current tier

See Installation for deployment-time licence setup.

FinOps Settings

Path: /settings/finops

Configure cloud cost data sources and sync behaviour for the FinOps module:

  • Enable/Disable per Connection: Toggle cost data collection for each cloud connection individually
  • Cost Allocation Tags: Define the tag keys used to allocate costs across teams and projects
  • Sync Schedule: Configure how frequently cost data is pulled from cloud providers
  • Manual Sync: Trigger an immediate cost data refresh from the FinOps overview

Audit Settings

Path: /settings/audit

Audit log configuration requires the Ultimate tier.

Set the retention period for audit records (30–365 days). Logs older than the configured retention period are automatically purged. The cleanup itself is recorded as an audit event.

All 13+ event categories are always captured — you cannot disable individual categories.

See Audit Logs for a full reference.

Cloud Connections

Path: /connections

Connect your cloud accounts and on-premises infrastructure to Realm9 for Terraform automation and cost tracking:

  • AWS: Account ID, region, IAM role configuration
  • Azure: Subscription and region setup via Service Principal
  • GCP: Project configuration via Service Account
  • On-Premises: Hypervisor type (Proxmox / VMware vCenter), subnet, public IP, router vendor
  • VPN Configuration: Tunnel and VPN status for on-premises connections
  • Connection Roles: Manage IAM/RBAC roles linked to each cloud connection
  • Test connection status directly from the UI

Secrets Management

Path: /secrets

Connect external secret vaults to store and retrieve infrastructure credentials securely:

  • Supported Vaults: AWS Secrets Manager, Azure Key Vault, HashiCorp Vault, OpenBao
  • Authentication: Configure vault-specific auth methods per connection
  • Default Vault: Set a default vault for resolving vault:// references across the platform
  • Connection Testing: Test and monitor vault connectivity with last-tested timestamps and error logs

Integrations

Path: /integrations

Configure third-party service integrations:

ServiceNow

  • Instance URL: Your ServiceNow instance endpoint
  • API Token: Authentication credentials
  • Assignment Group: Default group for auto-created tickets
  • Category / Subcategory: Default ticket classification
  • Enable/Disable: Toggle the integration without removing configuration
  • Connection Test: Verify connectivity from the UI
  • CMDB Sync: Import and sync CMDB classes; mark sensitive CI data for encryption

User Profile

Path: /profile

Each user can manage their own account settings:

  • Display Name: Update your name shown across the platform
  • Avatar: Upload, change, or remove your profile picture
  • Password: Change your password (minimum 12 characters)
  • MFA: Enable or disable two-factor authentication
  • Backup Codes: Regenerate MFA backup codes

Super Admin Settings

These settings are only accessible to users with the SUPER_ADMIN role. They control instance-level behaviour across all organisations.

Super Admin Dashboard

Path: /super-admin

Instance-wide analytics and health overview:

  • Organisation growth over time
  • User activity trends
  • Terraform run activity
  • Environment creation stats
  • Suspension activity

Organisation Management

Path: /super-admin/organizations

Manage all organisations on the instance:

  • View, create, and edit organisations
  • Suspend or reactivate organisations
  • View per-org resource usage and limits

Instance Licensing

Path: /super-admin/licensing

Manage the instance-level licence (primarily for SELF_HOSTED deployments):

  • View instance licence tier and status
  • Activate or update the instance licence key
  • Monitor organisation count against licence limits

System Settings

Path: /super-admin/settings

Global settings that apply across all organisations:

  • Global Signup: Enable or disable new user registration across the entire instance
  • Maintenance Mode: Suspend all user access across the instance (useful during upgrades or incidents)

Activity Log

Path: /super-admin/activity-log

Instance-wide audit trail for super admin actions across all organisations.

Next Steps