Skip to Content
Settings & Administration

Settings, Permissions, Integrations & Approvals

This section covers every area where you configure how Orb Ledger behaves for your organization: company identity, team access, connected tools, developer wiring, and the approval process that governs high-stakes actions.

Settings Overview

What it is. A single unified hub — reachable at Settings — organized into five groups: Account, Organization, Team, Sales Setup, and Billing. A search bar filters the left rail. Unsaved changes are tracked per section; switching away prompts you to save or discard.

What you can do here. Access any sub-section based on your role. Owners and admins see all groups; managers and staff can edit only their personal profile and security settings. The rail shows setup-completion indicators for key sections so you can see at a glance what still needs filling in.

Who can access. All logged-in team members can reach Settings. Sections that require settings.manage (Organization group, Notifications) are visible and editable only by owners. Personal profile and password sections are open to everyone.

My Profile

What it is. Your personal name, phone, and avatar — the details that appear on your own records and activity throughout the CRM.

What you can do here. Update your display name, phone number, and profile photo.

Who can access. Every team member (no capability required).

Password & Security

What it is. Credential management for your own login, including password changes and any two-factor authentication controls.

What you can do here. Change your password. Two-factor authentication settings surface here when enabled for your organization.

Who can access. Every team member (no capability required).

Notifications

What it is. Controls for which email alerts and push notifications you receive — for example, low-cash-balance threshold alerts and key CRM activity digests.

What you can do here. Toggle individual notification types on or off.

Who can access. Owners only (settings.manage).

Company Profile

What it is. Your organization’s core identity record: the name, logo, contact details, invoice address, bio, website, and the legal entity name that prints on generated documents when it differs from the trading name.

What you can do here.

  • Set or update the company name, legal entity name, email, phone, location, and website.
  • Upload a logo (used on invoices and your public dealer page).
  • Write a multi-line invoice address that prints exactly as entered on invoices and wire-instruction PDFs.
  • Set an annual revenue target, used for performance tracking on the dashboard.
  • Toggle the “Allow the company account to go negative” financial control. When off (the default), purchases are blocked if the company account holds insufficient recorded cash. When on, company-funded purchases can proceed even if they push the company balance below zero. Investor and equity-partner funds are always protected regardless of this setting.

Your plan tier and organization slug are read-only — managed by Orb Ledger.

Who can access. Owners only (settings.manage).

Invoicing & Wire Details

What it is. The defaults baked into every invoice and wire-instruction document your organization generates — currency, timezone, invoice numbering, payment terms, standard notes, and the full bank wire block that buyers use to pay you.

What you can do here.

  • Set the default currency (USD, EUR, CHF, GBP, or ZAR) and timezone for your organization.
  • Configure the invoice number prefix and default payment terms.
  • Add standard invoice notes and a footer that prints on every generated invoice.
  • Enter complete wire instructions (bank name, beneficiary, account number, routing/ABA, SWIFT/BIC, and bank address). Wire instructions only appear on invoices when both bank name and account number are present — if either is missing, the payment block is omitted from generated documents.

A live preview shows exactly what buyers will see based on your current settings before you save.

Who can access. Owners only (settings.manage).

Business Hours

What it is. Your organization’s weekly operating schedule and out-of-office configuration. This drives the Smart Out-of-Office auto-reply system in the inbox: when a message arrives outside business hours, the system can automatically reply with your configured message.

What you can do here.

  • Set open and close times for each day of the week, or mark a day as closed.
  • Choose your business timezone.
  • Write a custom out-of-office message.
  • Enable or disable Smart OOO auto-replies globally.

Who can access. Owners only (settings.manage).

Public Page

What it is. A publicly visible dealer profile page that Orb Ledger hosts on your behalf, accessible to buyers and prospects without requiring them to log in. The page is controlled from Settings — its live/off status appears as a badge in the settings rail.

What you can do here. Configure your public page slug, specialties, WhatsApp contact number, and Instagram handle. Enable or disable the public page entirely.

Who can access. Owners only (settings.manage). The page itself is public once enabled.

Branding

What it is. Your organization’s accent color — the primary color applied to buttons, links, focus rings, and the payment page across the entire admin shell.

What you can do here. Pick from a curated palette of preset accents or enter any valid hex color. A live preview updates as you type. The setting persists to your org and takes effect immediately for all team members. Clearing the value reverts to the default navy.

Who can access. Owners only (settings.manage).

Team Members

What it is. The one place where CRM logins are created. Adding someone here generates a real, sign-in-able account immediately — no email invite is sent. The temporary password is shown once in a credential card with an explicit copy step; it cannot be retrieved afterward.

What you can do here.

  • Add a new team member: name, email, role (Owner, Manager, Staff, or Viewer), and an optional default commission percentage.
  • Copy the one-time temporary password immediately after creation.
  • View the full team roster with roles, join dates, and status.
  • Suspend a member (they lose access immediately but their records remain).
  • Remove a member (soft-deactivate; adding the same email again later restores the membership and history).
  • Update an existing member’s commission percentage.
  • Navigate directly to a member’s capability editor in Team & Permissions.

Non-Enterprise plans are limited to five seats. The Team Members section respects this limit.

Who can access. Owners only (team.manage, which is an owner-only capability).

Equity Partners

What it is. Owner-controlled management of company equity: who the founders are, what percentage of the company each owns, and how that ownership translates into profit splits. The live financial position (capital deployed, wallet balances, distributions) lives on the Finance overview; this section is the write surface for ownership configuration.

What you can do here.

  • Add a new equity partner with a name, ownership percentage, and optional notes. Total allocated equity can never exceed 100%.
  • Edit an existing partner’s name, ownership percentage, or notes. Edits go through a review step that shows the before/after profit impact before anything saves.
  • Delete a partner. Partners with no financial history require a single confirmation. Partners with recorded capital (wallets, ledger entries, contributions) require you to type the partner’s exact name to confirm — the data is soft-deleted and recoverable centrally, but removed from all CRM views.

When your organization’s approval policy covers equity changes, additions and edits are submitted for sign-off by another owner before taking effect.

Who can access. Owners only (payments.manage, which is an owner-only capability).

Payment Methods

What it is. The list of payment method options available in the invoice form’s payment method dropdown. You can customize this list to match how your business actually gets paid.

What you can do here. Add new payment methods, rename existing ones inline, toggle individual methods active or inactive, and delete methods that are no longer used.

Who can access. Owners only (settings.manage).

Status Options

What it is. Configuration for the dropdown options used across inventory modules — specifically Watch Condition and Box & Papers status values.

What you can do here. Add new option labels, toggle options active or inactive, and delete options that are no longer needed. Options are scoped per module; select the module first to manage its list.

Who can access. Owners only (settings.manage).

Subscription (Billing)

What it is. Your Orb Ledger plan, billing status, and upgrade options. Three paid tiers are available: Starter ($79/mo), Professional ($179/mo), and Enterprise ($349/mo). Annual billing saves 20%.

What you can do here.

  • View your current plan, subscription status, next billing date, and payment method on file.
  • Upgrade to a higher plan (routes through Stripe checkout).
  • Manage payment details, cancel, or view billing history through the Stripe customer portal.

Important: Billing is currently dormant in production. The upgrade flow is wired to Stripe, but live Stripe keys are not yet active. If you see a plan selector, treat it as a preview of upcoming functionality.

Who can access. Owners only (billing.manage, which is an owner-only capability).

Team & Permissions

What it is. The access-management hub for all existing team members. This page does not create accounts — accounts are created exclusively in Settings → Team Members. Here you adjust what each existing login can see and do.

What you can do here.

  • View all team members on the People tab, with their role and current access summary.
  • Expand any member’s capability editor to see every permission individually. Each switch shows whether the current value matches the role’s default or has been explicitly overridden for that person.
  • Toggle individual capabilities on or off for a specific person. Changes apply to that person only and take effect immediately.
  • Reset a per-person override back to the role’s default.
  • Change a member’s role (Owner, Manager, Staff, or Viewer). Role changes update the baseline capability set; per-person overrides that were explicitly set remain in place.
  • Remove a member from the organization (same effect as the remove action in Team Members).
  • View the Role defaults tab, which shows the full capability matrix for all roles — useful for understanding what a role grants before making individual overrides.

Owner-only capabilities (banking, crypto, team management, settings, integrations, API keys, billing, compliance, approval policies) cannot be granted to non-owners through per-person overrides. Those capabilities are structurally locked to the Owner role regardless of any override stored.

Who can access. All team members can view the page. Making changes (role changes, capability overrides, member removal) requires ownership — these mutations are owner-level actions in practice even though the page is broadly visible.

Integrations

What it is. The central hub for connecting Orb Ledger to external tools and services, as well as the gateway to developer surfaces (webhooks and API keys).

What you can do here. Connect and disconnect WhatsApp, Google Drive, email (SMTP), and any Nango-powered app. View connection status at a glance. Navigate to the dedicated setup page for each integration. Access the Webhooks and API Keys developer tools from the Developer panel on this page.

Who can access. Owners only (integrations.manage, which is an owner-only capability).

Email Integration

What it is. Per-organization SMTP configuration that routes outbound CRM email — invoices, quotes, and other client communications — through your own mailbox instead of the Orb Ledger default sender.

What you can do here.

  • Select your email provider: Gmail, Outlook, Office 365, or a custom SMTP host. Each preset auto-fills the correct host and port.
  • Enter SMTP credentials: host, port, TLS/SSL setting, username, and password (app password for Gmail/Outlook).
  • Set a From name, From email address, and optional Reply-To address.
  • Send a test email to a specified address to verify the connection before saving.
  • Disconnect the custom SMTP configuration (reverts to the Orb Ledger default sender).

Credentials are stored encrypted per organization.

Who can access. Owners only (integrations.manage).

Google Drive Integration

What it is. Automatic backups of your CRM data and uploaded files to a connected Google Drive account. The backup captures database records across all data categories and uploaded storage files (watch photos, documents).

What you can do here.

  • Connect a Google account via OAuth to authorize Drive access.
  • View connection status, the connected Google email, and the last backup summary (files uploaded, rows protected, any errors).
  • Trigger a manual backup on demand.
  • Review the breakdown of the last backup by data category.
  • Disconnect the Google Drive integration.

The page surfaces error details when a backup partially fails so you can diagnose and retry.

Who can access. Owners only (integrations.manage).

WhatsApp Integration

What it is. The guided connection flow for linking a WhatsApp number to your Orb Ledger account, enabling the inbox, broadcast messaging, and contact messaging features.

What you can do here.

  • Connect via QR code scan (WhatsApp Web / Baileys-based link) — scan the QR with the WhatsApp app on the phone that holds your business number. This is the supported connection method today.
  • View the current connection status: connected phone number, last synced time, and reconnect attempts.
  • Review today’s and this month’s messaging usage and AI auto-reply costs against your quota.
  • Disconnect and reset the WhatsApp session.

An Official WhatsApp Business API path (via BSP embedded signup) is shown as a forthcoming option but is not yet active.

Who can access. Owners only (integrations.manage).

API Keys

What it is. Programmatic access tokens for the Orb Ledger /v1 REST API. API keys let third-party tools, automation workflows, and custom integrations authenticate against your organization’s data.

What you can do here.

  • Create a new API key: give it a name, choose its scopes (read and/or write access per resource category — Messages, Chats, Contacts, Numbers, Webhooks, Quick Replies, Labels), and set an optional expiration (30 days, 90 days, 1 year, never, or a custom date).
  • Copy the raw token immediately after creation. It is shown exactly once and cannot be retrieved afterward.
  • View all active, expired, and revoked keys with creation date, last used timestamp, last IP address, 30-day request count, and expiration.
  • Open a detail view for any key to see its scopes and the last 30 days of request activity (method, path, HTTP status, IP).
  • Revoke a key immediately. Revocation is permanent — integrations using that key start receiving 401 errors within seconds.

Scopes should be set to the minimum needed for each integration. The API documentation is linked from the page header.

Who can access. Owners only (api_keys.manage, which is an owner-only capability).

Webhooks

What it is. Outbound HTTP callbacks that push real-time CRM events to any URL you control. Each delivery is signed with an HMAC signature (X-Webhook-Signature) so your receiver can verify authenticity.

What you can do here.

  • Register a new webhook: provide a name, destination URL, and the events to subscribe to.
  • Copy the signing secret immediately after creation — it is shown once and cannot be retrieved again. The page also shows HMAC verification code snippets in multiple languages to help you wire up your receiver.
  • View all registered webhooks with their URL, subscribed events, status (active / paused / auto-disabled), and last run/failure timestamps.
  • Toggle event subscriptions per webhook directly in the list.
  • Pause or resume any webhook.
  • Re-enable a webhook that was automatically disabled after repeated failures.
  • Fire a test event to verify your receiver is working, with a custom event type and JSON payload.
  • Navigate to the per-webhook log view (/admin/webhooks/[id]) to inspect delivery history, response bodies, and retry individual failed deliveries.
  • Delete a webhook (removes the webhook and its delivery logs).

A webhook that fails repeatedly is automatically set to auto_disabled status. It must be manually re-enabled after the underlying issue is resolved.

Who can access. Owners only (integrations.manage).

Approvals

What it is. A maker-checker workflow system that gates high-stakes actions behind a sign-off step before they execute. Any action covered by an active approval policy is intercepted, parked as a pending request, and must be approved by an eligible reviewer before the original action takes effect.

The page has three tabs: Needs action, History, and Policies.

What you can do here.

On the Needs action tab:

  • Reviewers see all pending requests sorted oldest-first. Expired requests are flagged.
  • Approve or reject any pending request with an optional note. Approving a payout also requires confirming that payment has been made and selecting a payment method.
  • For high-value actions above a configured threshold, the server enforces a typed-phrase confirmation before the approval is recorded.
  • For multi-approval policies (requiring more than one sign-off), each vote increments a progress counter without immediately executing the action.
  • Requesters see their own approved-but-not-yet-executed requests in a “Finalize to execute” section. Finalizing replays the exact original action — nothing is recorded until this step.

On the History tab:

  • View all requests (yours and others’) with filters by status (pending, approved, rejected) and domain (investor payouts, financial, sales, purchases, invoices, team/security, other).

On the Policies tab (owner-only):

  • Configure which actions require approval, which roles are subject to the policy, any amount or count threshold above which approval is triggered, how many approvers are required, which roles can approve, and whether an expiry window applies.
  • Certain owner-level actions (recording capital contributions, draws, and equity partner changes) can be configured to require a second owner’s sign-off — a maker-checker control where even owners need peer review.

Who can access.

  • Submitting an approval request: any team member with the approvals.request capability (Manager and Staff by default, plus Owner).
  • Reviewing (approving or rejecting) pending requests: requires approvals.review, which is an owner-level capability. Owners are the designated reviewers.
  • Managing policies: requires approvals.policy.manage, which is an owner-only capability.
  • All team members can view their own submitted requests in the History tab.
Broker & Seller Portals