Appearance
System Admin Journey
Role: Platform-level management: tenant onboarding, feature flags, policy configuration, operator onboarding
Org: Kaya Sync
Scope: Platform-wide
Preconditions
- System Admin account provisioned at platform bootstrap
- Has access to all configuration, policy, and user management functions
1. Tenant (Client) Onboarding
Step 1.1: Create Client Organisation
- System Admin creates a new tenant/client on the platform
- Fields: Organisation name, type (agribusiness, 3PL, FMCG, government, etc.), primary contact, billing tier
Step 1.2: Configure Feature Flags (Module Selection)
Each client gets a tailored set of modules. System Admin activates/deactivates per client:
| Module | Name | Notes |
|---|---|---|
| M0 | Platform Foundation | Always included |
| M1 | Container Model | Core custody |
| M1A | AI Produce Heap Scan | Early adoption or add-on |
| M2 | Operator Network & Device Governance | Core for payout clients |
| M3 | Proof-of-Custody | Core |
| M4 | AI-Gated Settlement Rail | Core for payout clients |
| M5 | Start-of-Day Capacity | Recommended |
| M6 | Real-Time Orchestration Optimiser | Add-on |
| M7 | Fraud & Collusion Automation | Core for payout clients |
| M8 | Low-Literacy UX Toolkit | Field operators |
| M9 | Offline Resilience | Field operators |
| M10 | Governance & Audit Export | Enterprise / regulatory |
| M11 | Carbon Impact Ledger | ESG clients |
| M12 | Enterprise Portal & Integrations | Enterprise clients |
| M13 | GovTech Formalisation | Government clients only |
Step 1.3: Set Policy Parameters (per client)
System Admin configures the policy engine for the client's corridor and operational context:
| Parameter | Description |
|---|---|
GEO_PROXIMITY_RADIUS_METRES | Max distance for co-located handoffs |
HANDOFF_TIME_WINDOW_SECONDS | Max time between handover and receive scans |
OCR_CONFIDENCE_MIN | Min OCR confidence for auto-accepting phone number extraction |
INTEGRITY_PASS_CONFIDENCE_MIN | Min confidence for PASS vs PASS_WITH_TOLERANCE |
MAX_HANDOFFS_PER_CONTAINER | Max custody transfers per container |
MIN_OPTIMISATION_SCORE | Min score for surfacing aggregation/disaggregation plays |
SCAN_RETENTION_DAYS | Media retention before archival |
Step 1.4: Create Client Manager Account
- System Admin creates account for the client's designated manager
- Assigns to the client organisation
- Client Manager account activated; login credentials sent via secure channel
2. Operator Onboarding (Supervised)
Step 2.1: Register Operator
- System Admin (or delegated Onboarding Officer) creates operator profile:
fullName,phoneNumber,idType,idNumber,trustTier
- Status set to
PENDING_VERIFICATION - Errors:
DUPLICATE_OPERATOR,INVALID_ID
Step 2.2: Assign Trust Tier
| Tier | Description |
|---|---|
TIER_1_PAYG | Kaya Sync-issued PAYG device, highest trust, fastest payout |
TIER_2_BYOD | Operator's own verified device, standard trust |
TIER_3_UNVERIFIED | Unverified, restricted privileges, no aggregation |
Step 2.3: Operator Activates Account
- Operator logs in via phone + OTP
- Binds their device
- Status moves to
ACTIVE
3. Device Management
Step 3.1: Manage Bound Devices
- View all devices bound to operators on the platform
- Revoke device binding if device is lost or compromised
- Block a specific device fingerprint: sets
DEVICE_BLOCKEDstatus
Step 3.2: PAYG Device Integration (optional)
- If MTN Enterprise PAYG device supply is active:
- Device provisioning hooks managed by System Admin
- Devices shipped pre-configured with TIER_1_PAYG binding
4. Platform Monitoring & Audit
Step 4.1: View Audit Log
- All administrative actions are fully traceable
- System Admin can view: who did what, on which entity, at what time
- Logs are immutable. Cannot be modified or deleted
Step 4.2: Observability
- System Admin has access to platform-wide metrics:
- Scan upload success rates
- Integrity outcome distributions
- Payout hold rates and reasons
- System latency SLA compliance
- Telemetry volume by corridor
Step 4.3: Security & Compliance
- PII minimisation enforced: only necessary phone numbers and ID data stored
- RBAC enforced: each role can only access what their scope permits
- All access to sensitive data (scans, payouts) is logged
Edge Cases
| Scenario | Behaviour |
|---|---|
| Duplicate operator phone number submitted | DUPLICATE_OPERATOR error; Admin reviews and resolves manually |
| Client requests a module not in their bundle | System Admin adds module via feature flag update; may trigger billing change |
| Device reported stolen | Admin immediately revokes device binding; operator must re-bind to a new device |
| Policy parameter change mid-active orders | Change applies to new scans/transfers only; in-flight operations follow the policy at the time of creation |