Skip to main content
Instance administrators have full control over your self-hosted Plane deployment. This guide covers instance admin setup, permissions, and management capabilities.

What is an Instance Admin?

Instance admins are super users who can:
  • Configure instance-wide settings
  • Manage authentication providers
  • Control user signup and workspace creation
  • Add and remove other instance admins
  • Monitor instance health and usage
  • Manage integrations and API keys
Instance admin access is separate from workspace permissions. Instance admins can manage the entire Plane instance, not just individual workspaces.

First-Time Setup

When you deploy Plane for the first time, you’ll need to create the first instance admin.

Create First Admin via Web Interface

1

Access Admin Panel

Navigate to your Plane instance at the configured URL:
https://plane.example.com/admin
You’ll be redirected to the admin signup page.
2

Complete Signup Form

Fill in the required information:
  • Email: Your admin email address
  • Password: Strong password (minimum strength score: 3/4)
  • First Name: Your first name
  • Last Name: Your last name (optional)
  • Company Name: Your organization name
  • Telemetry: Enable/disable usage telemetry
Password strength is validated using zxcvbn. Weak passwords will be rejected.
3

Submit

Click “Create Admin Account” to complete setup.This will:
  • Create your user account
  • Register you as the first instance admin
  • Mark the instance as setup complete
  • Log you into the admin panel

Create Admin via Command Line

If you need to create an instance admin from the command line: 
# Enter the API container
docker exec -it api /bin/bash

# Create instance admin
python manage.py create_instance_admin [email protected]
Important: The user must already exist. If not, create the user first:
# Create user account
python manage.py createsuperuser --email [email protected]

# Then create instance admin
python manage.py create_instance_admin [email protected]
The create_instance_admin command is located at: plane/db/management/commands/create_instance_admin.py

Accessing the Admin Panel

Admin Sign In

Navigate to: 
https://plane.example.com/admin
Sign in with your instance admin credentials.

Admin Panel Sections

Once logged in, you’ll have access to:

General Settings

Configure instance name, telemetry, and basic settings

Authentication

Manage OAuth providers, signup settings, and login methods

Email

Configure SMTP settings for email notifications

AI & Integrations

Set up LLM, Unsplash, Slack, and other integrations

Image Settings

Configure file upload limits and storage

Instance Admins

Add or remove instance administrators

Managing Instance Admins

Adding Additional Admins

1

Navigate to Admins

In the admin panel, go to Instance Admins section.
2

Add Admin

Click “Add Admin” and enter the user’s email address.
The user must already have an account on the instance. If not, invite them as a regular user first.
3

Set Role

Select the admin role:
  • Admin (20): Full instance administration rights
Currently, only one role level exists, but the architecture supports future role expansion.
4

Confirm

Click “Add” to grant instance admin privileges.

Removing Admins

  1. Go to Instance Admins section
  2. Find the admin to remove
  3. Click the Remove button
  4. Confirm the action
Ensure at least one instance admin remains. You cannot remove the last admin.

Viewing All Admins

# Via API
curl -X GET https://plane.example.com/api/instances/admins/ \
  -H "Authorization: Bearer <admin-token>"
Response: 
[
  {
    "id": "uuid",
    "user": {
      "id": "uuid",
      "email": "[email protected]",
      "first_name": "John",
      "last_name": "Doe"
    },
    "role": 20,
    "created_at": "2024-01-15T10:30:00Z"
  }
]

Instance Configuration

General Settings

Configure basic instance information: 
Instance Name: Your Organization
Instance ID: auto-generated-uuid
Version: Current version (e.g., v0.23.0)
Edition: PLANE_COMMUNITY
Telemetry Settings:
  • Enable Telemetry: Send anonymous usage data to help improve Plane
  • Support Required: Allow Plane team to provide assistance

Authentication Settings

Control how users authenticate:

Signup & Login Methods

User Signup: Enabled/Disabled
Email/Password: Enabled/Disabled
Magic Link Login: Enabled/Disabled
When signup is disabled, only admins can invite new users.

OAuth Providers

Configure social authentication:
  1. Enable Google OAuth
  2. Add Client ID and Secret from Google Cloud Console
  3. Configure redirect URI: https://plane.example.com/auth/google/callback/
  4. Save settings
  1. Enable GitHub OAuth
  2. Add Client ID and Secret from GitHub Developer Settings
  3. Configure callback URL: https://plane.example.com/auth/github/callback/
  4. Save settings
  1. Enable GitLab OAuth
  2. Add Client ID and Secret from GitLab Application settings
  3. Configure redirect URI: https://plane.example.com/auth/gitlab/callback/
  4. Set GitLab host (for self-hosted GitLab)
  5. Save settings

Workspace Creation

Disable Workspace Creation: No
Set to “Yes” to restrict workspace creation to admins only.

Email Configuration

Set up SMTP for email notifications: 
SMTP Host: smtp.gmail.com
SMTP Port: 587
SMTP Username: [email protected]
SMTP Password: ••••••••
From Email: [email protected]
Use TLS: Yes
Use SSL: No
Test email configuration by sending a test email from the admin panel.

Integration Settings

AI Features

LLM Provider: OpenAI
API Key: sk-••••••••••••••••
Model: gpt-4
Enables AI-powered features like:
  • Smart issue suggestions
  • Auto-completion
  • Content generation

Unsplash Integration

Unsplash Access Key: your-access-key
Enables cover image selection from Unsplash.

Slack Integration

Slack Client ID: your-client-id
Slack Client Secret: your-client-secret
Enables Slack notifications and integrations.

File Upload Settings

Maximum File Size: 5 MB (5242880 bytes)
Adjust based on your storage capacity and user needs.

Instance Information API

Retrieve instance configuration programmatically: 
curl -X GET https://plane.example.com/api/instances/
Response: 
{
  "config": {
    "enable_signup": true,
    "is_workspace_creation_disabled": false,
    "is_google_enabled": true,
    "is_github_enabled": false,
    "is_gitlab_enabled": false,
    "is_magic_login_enabled": true,
    "is_email_password_enabled": true,
    "is_smtp_configured": true,
    "has_unsplash_configured": true,
    "has_llm_configured": false,
    "file_size_limit": 5242880,
    "admin_base_url": "https://plane.example.com/admin",
    "space_base_url": "https://plane.example.com/spaces",
    "app_base_url": "https://plane.example.com"
  },
  "instance": {
    "instance_name": "Your Organization",
    "instance_id": "uuid",
    "current_version": "v0.23.0",
    "latest_version": "v0.23.0",
    "edition": "PLANE_COMMUNITY",
    "is_setup_done": true,
    "is_telemetry_enabled": true,
    "workspaces_exist": true
  }
}

Admin Session Management

Check Admin Session

curl -X GET https://plane.example.com/api/instances/admins/session/ \
  --cookie "sessionid=<session-cookie>"
Response: 
{
  "is_authenticated": true,
  "user": {
    "id": "uuid",
    "email": "[email protected]",
    "first_name": "John",
    "last_name": "Doe",
    "avatar": "https://...",
    "is_instance_admin": true
  }
}

Sign Out

Navigate to: 
https://plane.example.com/admin/sign-out
Or via API: 
curl -X POST https://plane.example.com/api/instances/admins/sign-out/ \
  --cookie "sessionid=<session-cookie>"

Permission Model

Instance admin permissions are enforced through the InstanceAdminPermission class: 
from plane.license.api.permissions import InstanceAdminPermission

class ProtectedView(APIView):
    permission_classes = [InstanceAdminPermission]
This ensures only users with InstanceAdmin role can access protected endpoints.

Admin Database Model

Instance admins are stored in the instance_admins table: 
class InstanceAdmin(BaseModel):
    user = ForeignKey(User, on_delete=SET_NULL)
    instance = ForeignKey(Instance, on_delete=CASCADE)
    role = PositiveIntegerField(choices=ROLE_CHOICES, default=20)
    is_verified = BooleanField(default=False)

    class Meta:
        unique_together = ["instance", "user"]
Fields:
  • user: Link to User model
  • instance: Link to Instance model
  • role: Admin role (currently only 20 = Admin)
  • is_verified: Verification status (future use)

Security Best Practices

1

Use Strong Passwords

Require minimum password strength score of 3/4 using zxcvbn validation.
2

Limit Admin Access

Only grant instance admin privileges to trusted team members who need full access.
3

Enable 2FA

If your authentication provider supports it, enable two-factor authentication for admin accounts.
4

Regular Audits

Periodically review the list of instance admins and remove users who no longer need access.
5

Monitor Admin Actions

Check admin panel logs regularly:
docker compose logs api | grep "instance_admin"
6

Secure Environment Variables

Protect your .env file and never commit credentials to version control.

Troubleshooting

Cannot Access Admin Panel

Issue: 401 Unauthorized or redirect loop Solutions:
  1. Verify you’re using an instance admin account
  2. Check session cookie is present
  3. Clear browser cookies and sign in again
  4. Verify instance is properly configured: 
    docker compose logs api | grep "Instance registered"

Admin Creation Fails

Issue: User with the provided email does not exist Solution: Create the user account first: 
docker exec -it api python manage.py createsuperuser --email [email protected]
docker exec -it api python manage.py create_instance_admin [email protected]

Multiple Admins with Same Email

Issue: UNIQUE constraint failed: instance_admins.instance_id, instance_admins.user_id Solution: The user is already an instance admin. Check existing admins: 
docker exec -it api python manage.py shell -c \
  "from plane.license.models import InstanceAdmin; print(InstanceAdmin.objects.all())"

Instance Not Setup

Issue: Instance is not registered yet Solution: Register the instance: 
docker exec -it api python manage.py register_instance

Password Too Weak Error

Issue: PASSWORD_TOO_WEAK error during admin signup Solution: Use a stronger password. Requirements:
  • Minimum length: 8 characters
  • zxcvbn strength score: ≥3
  • Mix of uppercase, lowercase, numbers, and symbols recommended

API Endpoints Reference

EndpointMethodDescriptionAuth Required
/api/instances/GETGet instance infoNo
/api/instances/PATCHUpdate instance settingsInstance Admin
/api/instances/admins/GETList all adminsInstance Admin
/api/instances/admins/POSTAdd new adminInstance Admin
/api/instances/admins/<id>/DELETERemove adminInstance Admin
/api/instances/admins/me/GETGet current admin userInstance Admin
/api/instances/admins/session/GETCheck admin sessionNo
/admin/sign-up/POSTCreate first adminNo (first time only)
/admin/sign-in/POSTAdmin sign inNo
/admin/sign-out/POSTAdmin sign outInstance Admin

Next Steps

Configuration

Explore all configuration options

Backup & Recovery

Set up automated backups

Build docs developers (and LLMs) love

Get started for freeTalk to us