Skip to content

Tenant settings

Tenant settings are tenant-scoped overrides for cosmetic and policy defaults. Admins on the active tenant can change them; the changes apply immediately for everyone in that tenant.

Branding

  • Logo — SVG or PNG. Replaces the top-left brand. Maximum 256 KiB.
  • Favicon — SVG or PNG. Used as the browser tab icon.
  • Primary colour — applied to navigation accents, buttons, badges. Must pass AA contrast against both white and black; the picker shows a contrast warning.
  • Accent colour — used on hover and focus rings.
  • Product display name — overrides "Ampora" in the tab title and the top-left brand text. Free text up to 32 chars.

Login wall

Markdown rendered above the OIDC login button. Use it for legal notices, support contact, MOTD. No images, no scripts; safe HTML allow-list applies.

Dark mode

  • auto (default) — follow system preference.
  • light / dark — force one mode regardless of system.

The toggle in the user menu lets each user override per-session.

Defaults

The Defaults panel sets per-tenant defaults that pre-populate wizards:

  • Default rollout strategy — Batch / Percentage / Canary step-up.
  • Default health gate thresholds — see Health gates.
  • Default policy approval mode — required / shadow.
  • Default poll interval for new GitOps sources.

Changing a default does not affect existing entities; only new entities created after the change pick it up.

Lint rules

Tenant-scoped lint rules live here too:

  • list with status (Active / Disabled),
  • per-rule severity (Error / Warning / Info),
  • expression body (in the same DSL as policies).

Lint rule changes follow the same approval flow as policies if your tenant has the four-eyes mode enabled.

Identity mapping

For multi-tenant deployments, the OIDC discriminator claim and value mapping live here:

  • Discriminator claim — which OIDC claim picks the tenant (default tenant or groups).
  • Match values — which values of that claim map to this tenant.
  • Role mapping — per match-value, the Ampora role to assign.

Edits invalidate cached sessions; users see a re-login prompt.

Audit

Every tenant-settings change is audited with the actor, the field that changed, and the before / after JSON. Pull all of these with a single audit-log filter.