Skip to content

AXITRAQ Administrator Guide

Version: 1.0 Last Updated: 2026-05-07 Applies to: AXITRAQ Platform (axitraq.app)

Introduction

This guide is for administrators and company owners who manage an AXITRAQ account. It covers everything you need to configure, secure, and maintain your organisation on the platform — from setting up your company and offices through to managing users, permissions, notifications, and billing.

Whether you are onboarding your team for the first time or fine-tuning your configuration months into using the platform, this manual provides step-by-step procedures for every administrative task available to you.

Who Should Read This Guide

  • Company Owners — the person who created the AXITRAQ account and holds full administrative control.
  • Administrators — users assigned the admin or owner user class who manage people, settings, and permissions on behalf of the organisation.
  • IT or Operations Managers — staff responsible for security policy, 2FA enforcement, and platform configuration.

How to Use This Guide

Each section is self-contained. Use the table of contents below to jump directly to the task you need. Procedures are written as numbered steps you can follow in order. Tips and best practices are called out where relevant.

Table of Contents

  1. Company Management
  2. Offices and Branches
  3. Departments
  4. User Management
  5. User Types and Custom Roles
  6. Permissions
  7. Two-Factor Authentication (2FA)
  8. Notification Settings
  9. System Settings
  10. Subscription and Billing
  11. Audit Logging
  12. Security Best Practices

1. Company Management

Your company profile is the foundation of your AXITRAQ account. It stores your business details, contact information, timezone, and asset prefix configuration.

Location: Manage > Company (/base/manage/company/)

Viewing Company Details

The company page displays:

Field Description
Company Name Registered business name
Trading Name Name your business trades under (if different)
ABN Australian Business Number
ACN Australian Company Number
Domain Your company's web domain
Email Primary company email address
Phone Primary company phone number
Website Company website URL
Address Registered business address
Owner / Contact Name of the account owner or primary contact
Owner Email Email address of the account owner
Owner Phone Phone number of the account owner
Timezone Timezone used for scheduling, alerts, and timestamps
Asset Prefix Prefix applied to auto-generated asset codes (e.g., "AXT" produces AXT-0001, AXT-0002)
Current Plan Your active subscription plan, shown as a badge
Status Account status — Active or Inactive
Subscription Status Current subscription standing
Billing Cycle Monthly or Annual billing
Next Billing Date Date of the next scheduled payment
Payment Method Card or payment method on file

Editing Company Details

  1. Navigate to Manage > Company.
  2. Click the Edit button, or go directly to /base/manage/company/edit/.
  3. Update any of the fields listed above.
  4. Click Save to apply your changes.

Tip: Set your Asset Prefix early. This prefix is used when AXITRAQ automatically generates asset codes for new assets. Changing it later will only affect newly created assets — existing asset codes remain unchanged.

Tip: Ensure your timezone is correct. It affects when scheduled notifications fire, how timestamps appear in reports, and when cron-based alerts (such as registration expiry checks) run relative to your local time.

2. Offices and Branches

Companies can have multiple offices or branches. Offices help you organise your operations by physical location and are referenced when assigning employees, assets, and departments.

Location: Manage > Company (/base/manage/company/)

Adding an Office

  1. Navigate to Manage > Company.
  2. Scroll to the Offices section.
  3. Click Add Office.
  4. Enter the office Name (e.g., "Sydney Head Office", "Brisbane Depot").
  5. Enter the office Address.
  6. Click Save.

Editing an Office

  1. In the Offices section, click Edit next to the office you want to modify.
  2. Update the name or address.
  3. Click Save.

Deleting an Office

  1. Click Delete next to the office.
  2. A confirmation prompt will appear (CSRF-protected to prevent accidental deletion).
  3. Confirm the deletion.

Tip: Before deleting an office, check whether any employees, assets, or departments are still assigned to it. Reassign them first to avoid orphaned records.

3. Departments

Departments allow you to organise your workforce and assets into logical groups. AXITRAQ supports hierarchical departments, so you can nest sub-departments under parent departments to reflect your organisational structure.

Location: Manage > Departments (/base/manage/departments/)

Department Fields

Field Description
Name Department name (e.g., "Maintenance", "Fleet Operations")
Code Short code for internal reference
Description Optional description of the department's function
Status Active or Inactive
Parent Department Optional — select a parent to create a hierarchy

Creating a Department

  1. Navigate to Manage > Departments.
  2. Click Add Department.
  3. Fill in the Name, Code, and Description.
  4. If this is a sub-department, select a Parent Department from the dropdown.
  5. Set the status to Active.
  6. Click Save.

Editing a Department

  1. Click Edit next to the department in the list.
  2. Make your changes.
  3. Click Save.

Deleting a Department

  1. Click Delete next to the department.
  2. Confirm the deletion in the prompt.

All create, update, and delete operations on departments are protected by CSRF tokens and are recorded in the audit log.

Plan Quotas

Your subscription plan limits the number of departments you can create. If you reach your limit, the platform will display a message indicating your current count, the plan limit, and a prompt to upgrade. Check your plan's department allowance under Manage > Company in the Subscription section.

Tip: Use the hierarchical structure to keep your department list manageable. For example, rather than creating "Maintenance — Sydney" and "Maintenance — Brisbane" as separate top-level departments, create a "Maintenance" parent and nest location-specific departments beneath it.

4. User Management

Users are the people who log in to the AXITRAQ platform. Every employee or contractor who needs access to the web dashboard, audit app, or operator app requires a user account.

Location: Manage > Users (/base/manage/users/)

User List

The user list displays:

Column Description
Username Login username
Email User's email address
User Type Displayed as a role badge (e.g., "Admin", "Fleet Manager") alongside the user class
Status Active, Locked, or Inactive
Last Login Date and time of the user's most recent login
2FA Shows "On" or "Off" indicating whether two-factor authentication is enabled
Actions Edit and Permissions buttons

Adding a New User

  1. Navigate to Manage > Users.
  2. Click Add User (or go to /base/manage/users/add/).
  3. Enter the username, email address, and password.
  4. Select a User Class — this determines the user's base access level:
  5. Owner — full access to all sections (one per account, typically the account creator)
  6. Admin — full access to all sections
  7. Manager — access determined by permissions
  8. User — standard access determined by permissions
  9. Operator — field worker with minimal dashboard access, primarily uses the mobile app
  10. Optionally assign a Custom Role (e.g., "Fleet Manager", "Site Supervisor"). Custom roles are labels that help identify a user's function and can carry default permission sets.
  11. Click Save.

Tip: When onboarding a new team member, create the employee or contractor record first (under Manage > Employees or Manage > Contractors), then create their user account from the User Account tab on their profile. This links the user to their employee record automatically.

Editing a User

  1. Navigate to Manage > Users.
  2. Click Edit next to the user, or go to /base/manage/users/edit/?id=X.
  3. Update fields as needed — role, status, email, password, 2FA settings.
  4. Click Save.

Locking and Unlocking Users

To temporarily prevent a user from logging in without deleting their account:

  1. Edit the user.
  2. Change the Status to Locked.
  3. Save.

The user will be unable to log in until an administrator changes their status back to Active. Locked users retain all their data, permissions, and history.

Deactivating a User

To permanently remove a user's access:

  1. Edit the user.
  2. Change the Status to Inactive.
  3. Save.

Inactive users cannot log in and do not count towards your plan's user quota.

Tip: Prefer locking over deactivating when the situation is temporary (e.g., an employee on extended leave). Deactivate accounts only when the person has permanently left the organisation.

5. User Types and Custom Roles

AXITRAQ provides a flexible role system with built-in user classes and the ability to create unlimited custom roles.

Built-In User Classes

Class Scope Access
admin Platform-wide Full access to all sections automatically. Can switch into any company (platform administrators only).
owner Single company Full access to all sections automatically. The account holder.
manager Single company Access determined by permissions assigned per user.
user Single company Access determined by permissions assigned per user.
operator Single company Designed for field workers using the mobile or tablet app.

Owner and admin users always have access to every section of the platform. Their permissions cannot be restricted.

Creating Custom Roles

Custom roles let you define named positions (e.g., "Fleet Manager", "Warehouse Lead", "Site Supervisor") with pre-configured default permissions.

  1. Navigate to Manage > Settings.
  2. Open the User Types tab.
  3. Click Add Role.
  4. Enter the role Name and Description.
  5. Select a Base Permission Level — this determines which permissions are turned on by default when a user is assigned this role.
  6. Configure the default permissions for each section.
  7. Click Save.

Applying Default Permissions

After creating or updating a custom role, you can push its default permissions to all users currently assigned that role:

  1. Open the role in Settings > User Types.
  2. Click Apply Defaults.
  3. All users with this role will have their permissions updated to match the role's default set.

Tip: Use custom roles to standardise access across your organisation. When a new Fleet Manager starts, assign them the "Fleet Manager" role and their permissions are already configured.

6. Permissions

Permissions control which sections of the platform a user can see and interact with. Owner and admin users bypass the permission system entirely — they always have full access.

Location: Manage > Users > Permissions (/base/manage/users/permissions/?id=X)

How Permissions Work

For manager, user, and operator class users, access to each section is controlled individually through a can_view permission. When a section permission is disabled for a user, it is completely hidden — the sidebar navigation item does not appear and direct URL access is blocked.

Available Permission Sections

Section Key Controls Access To
dashboard Main dashboard and widgets
audit Audit app interface
manage.assets Asset management
manage.employees Employee management
manage.contractors Contractor management
manage.clients Client management
manage.checklists Checklists and forms
manage.labels Labels and QR codes
manage.inspections Inspections
manage.registration Registration and compliance
manage.timesheets Timesheets
manage.qualifications Qualifications matrix
manage.reports Reports and analytics
manage.orders Label shop orders
manage.purchase_orders Purchase orders
manage.users User management
manage.notifications Notification settings
manage.messaging Messaging and SMS
manage.settings System settings
app Mobile / operator app

Setting Permissions for a User

  1. Navigate to Manage > Users.
  2. Click Permissions next to the user.
  3. Toggle each section on or off.
  4. Click Save.

The sidebar dynamically updates to show only the sections the user has permission to access. Users will not see navigation items for sections they cannot access.

Tip: Start with the minimum permissions a user needs to do their job, then add more as required. This follows the principle of least privilege and keeps your platform secure.

Tip: When multiple users share the same responsibilities, use custom roles (see Section 5) to apply a consistent permission set rather than configuring each user individually.

7. Two-Factor Authentication (2FA)

AXITRAQ supports two-factor authentication using the TOTP standard (RFC 6238). 2FA adds a critical layer of security by requiring a time-based 6-digit code in addition to the password at login.

Supported Authenticator Methods

Method Description
AXITRAQ Mobile App The AXITRAQ app itself acts as the authenticator. Enrollment is automatic via API — no QR code scanning needed.
External Authenticator Google Authenticator, Authy, Microsoft Authenticator, or any TOTP-compatible app. Enrollment uses a QR code.

Both methods produce the same 6-digit codes and are fully interchangeable from the platform's perspective.

Enforcing 2FA for a User

  1. Navigate to Manage > Users > Edit for the target user.
  2. Enable the Require 2FA checkbox.
  3. Save.

When 2FA is required: - Admin and owner users are redirected to the 2FA setup page on every web login until they complete enrollment. - The user must enrol with either the AXITRAQ app or an external authenticator before they can proceed.

How Users Enrol in 2FA

Users self-enrol from My Account > Two-Factor Auth:

  1. Click Enable Two-Factor Authentication.
  2. Choose a method — AXITRAQ App or External Authenticator.
  3. AXITRAQ App path: Open the AXITRAQ mobile app and refresh the Home Screen. The app detects the pending enrollment and displays a 6-digit code. Enter the code on the web form.
  4. External Authenticator path: Scan the displayed QR code with the authenticator app. Enter the 6-digit code shown in the authenticator.
  5. Upon successful verification, 2FA is activated and 8 backup codes are displayed. These are shown once only — the user must save them securely.

Resetting 2FA for a User

If a user loses access to their authenticator and their backup codes:

  1. Navigate to Manage > Users > Edit for the user.
  2. Click Reset 2FA.
  3. This deletes the user's 2FA enrollment and clears the requirement.
  4. The user will need to re-enrol on their next login if 2FA is still required by policy.

Backup Codes

Each user receives 8 single-use backup codes when they enrol in 2FA. These codes can be used in place of the 6-digit authenticator code if the user cannot access their authenticator. Backup codes can be regenerated from My Account > Two-Factor Auth (requires a current TOTP code to regenerate).

Trusted Devices

Users can mark a browser as "trusted" during 2FA verification. Trusted devices bypass the 2FA prompt on subsequent logins.

  • Users can view and revoke their trusted devices from My Account > Trusted Devices.
  • Administrators can view and revoke a user's trusted devices from the user's edit page.

Tip: Enforce 2FA for all admin, owner, and manager-level users as a minimum. Consider enforcing it organisation-wide for maximum security.

Tip: Remind users to store their backup codes in a secure location (password manager, printed copy in a safe). If they lose both their authenticator and backup codes, only an administrator can reset their 2FA.

8. Notification Settings

AXITRAQ provides a configurable notification system that alerts the right people about important events. Administrators control which notification types are active and how they are delivered.

Location: Manage > Notifications (/base/manage/notifications/)

Notification Types

Type Description
Maintenance Request New maintenance requests submitted and status updates on existing ones
Maintenance Overdue Maintenance requests that have passed their due date without resolution
Timesheet Submitted An employee has submitted a timesheet for approval
Timesheet Approved A timesheet has been approved or rejected
Inspection Due A scheduled inspection is approaching its due date
Inspection Failed An inspection has returned a fail result
Registration Expiry An asset's registration is approaching its expiry date
Qualification Expiry An employee's qualification or licence is approaching its expiry date
Checklist Submitted A pre-start or post-stop checklist has been submitted
Asset Status Change An asset's status has been changed (e.g., from Active to Out of Service)

Delivery Channels

Each notification type can be delivered through one or more channels:

Channel Description
Email Sent to the user's registered email address using branded AXITRAQ templates
In-App Appears in the notification feed on the dashboard and as a badge on the sidebar bell icon
SMS Sent via Twilio to the user's mobile number. Only available if SMS is enabled for your company.

Configuring Notification Preferences

  1. Navigate to Manage > Notifications.
  2. For each notification type, toggle the desired delivery channels on or off.
  3. Save your changes.

Users can also adjust their own notification preferences from their account settings, within the boundaries set by the administrator.

Tip: Enable email notifications for critical alerts like Registration Expiry and Qualification Expiry. These are time-sensitive compliance items that should not be missed.

Tip: If your company uses Twilio SMS, reserve SMS notifications for genuinely urgent items (Inspection Failed, Maintenance Overdue). Overusing SMS can lead to alert fatigue and increased costs.

9. System Settings

The Settings page provides company-wide configuration options across multiple tabs.

Location: Manage > Settings (/base/manage/settings/)

Settings Tabs Overview

Tab Purpose
General Application name, version information, maintenance mode
Employment Awards, Superannuation Funds, Tax Categories
Preferences Unit-of-measure toggles, default working hours
Job Types Custom job type management
User Types Custom role management with default permissions
Reward Rules Employee reward point configuration
API Keys Create, list, and revoke REST API keys
Encryption Customer-level encryption settings for sensitive documents
System PHP/MySQL version info, disk usage, database statistics

Employment Configuration

The Employment tab manages three types of records used across employee profiles:

Awards

Awards represent employment awards or agreements that apply to your workforce (e.g., "Building and Construction General Award").

  1. Open Settings > Employment.
  2. In the Awards section, click Add Award.
  3. Enter the award Name, Code, and Description.
  4. Click Save.

Awards can be assigned to individual employees on their profile page. Edit or delete existing awards from the same section.

Superannuation Funds

Track the superannuation funds your employees contribute to.

  1. In the Superfunds section, click Add Superfund.
  2. Enter the fund Name, USI (Unique Superannuation Identifier), and ABN.
  3. Click Save.

Tax Categories

Define tax categories for payroll classification.

  1. In the Tax Categories section, click Add Tax Category.
  2. Enter the category Name, Code, and Description.
  3. Click Save.

Tip: Configure your awards, superfunds, and tax categories before onboarding employees. This ensures the correct options are available when setting up employee profiles and avoids having to go back and update records later.

API Keys

If your organisation integrates AXITRAQ with external systems (payroll, ERP, custom tools), you can create REST API keys from the API Keys tab.

  1. Open Settings > API Keys.
  2. Click Create API Key.
  3. Assign scopes to the key (e.g., assets:read, employees:read, timesheets:read, reports:read).
  4. Set an optional expiry date and rate limit.
  5. Save the key. The full key is displayed once — copy and store it securely.

API keys authenticate via Bearer token or X-API-Key header. Full API documentation is available at /api/v1/docs.php.

Tip: Create separate API keys for each integration with only the scopes it needs. This limits the impact if a key is compromised. Revoke keys immediately when an integration is decommissioned.

Encryption Settings

AXITRAQ supports customer-level encryption for sensitive documents using AWS KMS. The Encryption tab allows you to manage which document types are encrypted at rest.

Default encrypted document types include licences, certificates, qualifications, identification documents, and signatures. Encryption is transparent — files are encrypted on upload and decrypted on download with no action required from users.

10. Subscription and Billing

Your subscription determines the resources available to your organisation — how many users, assets, departments, and other entities you can create.

Viewing Your Subscription

Your current plan and billing details are displayed on the Manage > Company page in the Subscription and Billing section:

  • Current Plan — shown as a badge (Basic, Standard, Premium, Enterprise, or Custom)
  • Billing Cycle — Monthly or Annual
  • Next Billing Date — when your next payment is due
  • Payment Method — the card or payment method on file
  • Subscription Status — Active, Trial, Suspended, Cancelled, or Expired

Plan Quotas

Each plan defines limits for key resources:

Resource Basic Standard Premium Enterprise
Offices / Departments 1 2 4 Custom
Managers 1 2 4 Custom
Employees / Operators 10 25 50 Unlimited
Contractors -- 10 20 Unlimited
Managed Assets 100 250 600 Unlimited
Parts / Materials 200 500 1,200 Unlimited

When you reach a quota limit, the platform displays a clear message showing your current count, the plan limit, and a prompt to upgrade.

Updating Your Payment Method

  1. Navigate to Manage > Company.
  2. In the Subscription and Billing section, click Update Payment Method.
  3. A secure card entry form appears (powered by Stripe).
  4. Enter the new card details and confirm.

Changing Your Plan

  1. On the Company page, click Change Plan.
  2. A plan comparison modal displays available plans and their quotas.
  3. Select your desired plan.
  4. Confirm the change.

Plan changes take effect immediately. If upgrading, the new quotas are available right away. If downgrading, ensure your current usage is within the new plan's limits first.

Cancelling Your Subscription

  1. On the Company page, click Cancel Subscription.
  2. A confirmation prompt explains what will happen.
  3. Confirm the cancellation.

After cancellation, your account remains accessible until the end of the current billing period. You can reactivate at any time before it expires.

Invoice History

Invoice history is available on the Company page, sourced from Zoho Subscriptions. You can view past invoices, amounts, and payment dates.

Tip: Annual billing saves 15% compared to monthly billing. If you are committed to using AXITRAQ long-term, switching to annual billing reduces your costs.

11. Audit Logging

AXITRAQ maintains a comprehensive audit trail of administrative actions. Every significant change is logged with the action type, the user who performed it, a timestamp, and a description of what changed.

What Is Logged

  • User account creation, updates, and deactivation
  • Permission changes
  • Department creation, updates, and deletion
  • Company detail changes
  • Settings modifications
  • 2FA enrollment and resets
  • Login attempts (successful and failed)
  • Asset, employee, and contractor record changes

Viewing the Audit Log

The audit log is accessible from Manage > Audit (requires the audit permission). Entries include:

Field Description
Timestamp When the action occurred
User Who performed the action
Action The type of action (create, update, delete, login, etc.)
Description A detailed summary of what changed
User Agent The browser or device used

Tip: Review the audit log periodically for unexpected activity — particularly failed login attempts, permission changes, and user account modifications. This is a key part of maintaining your platform's security posture.

12. Security Best Practices

Maintaining a secure AXITRAQ environment is a shared responsibility between the platform and your organisation. The following recommendations will help you protect your account and data.

User Account Security

  1. Enforce 2FA for all privileged users. At minimum, all admin, owner, and manager-class users should have 2FA enabled. Consider enforcing it organisation-wide.
  2. Use strong, unique passwords. AXITRAQ enforces password complexity requirements, but remind users not to reuse passwords from other services.
  3. Deactivate accounts promptly. When someone leaves your organisation, deactivate their user account immediately. Do not wait — an active account for a departed employee is a security risk.
  4. Review trusted devices. Periodically audit the trusted devices list for your users. Revoke any devices that are no longer in use or recognised.

Permission Management

  1. Apply the principle of least privilege. Grant each user only the permissions they need to perform their role. Start minimal and add permissions as needed.
  2. Use custom roles for consistency. Define roles for common positions and apply them using the User Types feature. This prevents permission drift between users with the same responsibilities.
  3. Audit permissions regularly. At least quarterly, review user permissions to ensure they still align with each person's current role. People change roles, and permissions should change with them.

Monitoring and Response

  1. Review the audit log. Check for unusual patterns — failed logins from unexpected locations, after-hours permission changes, or bulk record modifications.
  2. Act on failed login alerts. Multiple failed login attempts for a single user may indicate a brute-force attack. AXITRAQ rate-limits login attempts (10 per 15 minutes), but you should still investigate persistent failures.
  3. Keep notification channels active. Ensure critical notifications (maintenance overdue, inspection failed, registration expiry) are reaching the right people. Missed alerts can lead to compliance gaps.

Data Protection

  1. Enable document encryption. Use the customer-level encryption feature (Settings > Encryption) for sensitive documents like licences, certifications, and identification records.
  2. Limit API key scope. When creating API keys for integrations, grant only the scopes the integration requires. Set expiry dates and revoke unused keys.
  3. Back up your backup codes. Remind all 2FA-enabled users to store their backup codes securely. Lost backup codes combined with a lost authenticator will require an administrator to reset 2FA access.

Quick Reference

Key URLs

Page URL
Company Management /base/manage/company/
Edit Company /base/manage/company/edit/
Departments /base/manage/departments/
User List /base/manage/users/
Add User /base/manage/users/add/
Edit User /base/manage/users/edit/?id=X
User Permissions /base/manage/users/permissions/?id=X
Notifications /base/manage/notifications/
Settings /base/manage/settings/
My Account /base/account/
API Documentation /api/v1/docs.php

User Class Summary

Class Full Access Permissions Configurable Typical Use
Owner Yes No (always full) Account holder
Admin Yes No (always full) Platform administrator
Manager No Yes Department heads, supervisors
User No Yes Office staff, coordinators
Operator No Yes Field workers, drivers, operators

Notification Type Reference

Type Key Trigger
maintenance_request New request or status update
maintenance_overdue Request past due date
timesheet_submitted Employee submits timesheet
timesheet_approved Timesheet approved or rejected
inspection_due Upcoming scheduled inspection
inspection_failed Inspection result is fail
rego_expiry Registration approaching expiry
qualification_expiry Qualification approaching expiry
checklist_submitted Pre-start checklist submitted
asset_status_change Asset status changed

Getting Help

If you need assistance with any administrative task:

  • Dash AI Assistant — available 24/7 within the platform. Click the Dash icon to ask questions and get instant, context-aware answers about any AXITRAQ feature.
  • Priority Human Support — available on Premium and Enterprise plans. Dash can escalate your question to a human support agent with full context preserved.
  • Knowledge Base — browse the full documentation at wiki.axitraq.com.

AXITRAQ Administrator Guide -- Aditech Pty Ltd -- 2026 This document is maintained as part of the AXITRAQ platform documentation and serves as a knowledge base for the Dash AI assistant.