Admin Panel Overview

This document gives new operators a complete picture of the admin panel — what it contains, how the sections relate to each other, and the exact steps to take from first login to a fully configured, ready-to-launch casino.

Table of Contents

1. Accessing the admin panel
2. Admin panel structure
3. Admin roles and access control
4. First-time setup (step-by-step)
5. Dashboard reference
6. Daily operations checklist
7. Weekly operations checklist
8. Navigating between admin guides

1. Accessing the admin panel

The admin panel is a separate single-page application served at:

https://your-domain.com/admin

It uses its own JWT authentication guard. Admin accounts are entirely separate from player accounts — you cannot log in to the admin panel with a player account.

Default credentials

Change these immediately on first login. The default password is set by the seeder for first-access only and must not remain in production.

Two-factor authentication (2FA)

All admin accounts require TOTP two-factor authentication. On first login:

1. Go to your admin profile (top-right menu → Profile)
2. Click Enable 2FA
3. Scan the QR code with an authenticator app (Google Authenticator, Authy, 1Password, etc.)
4. Enter the 6-digit confirmation code to activate

Every subsequent login requires both your password and the current 6-digit TOTP code.

Lost access to your TOTP device? A system administrator can reset 2FA from the RBAC admin user management page, or via the server command line:

php artisan tinker
>>> AppModelsAdminUser::where('email', 'admin@casino.com')
...   ->update(['two_factor_enabled' => false, 'two_factor_secret' => null]);

Re-enable and re-scan the QR code immediately after regaining access.

2. Admin panel structure

The admin panel is organized into seven main sections:

3. Admin roles and access control

Role-based access control (RBAC) ensures each team member can only access the parts of the admin panel relevant to their job.

Built-in roles

Creating custom roles

1. Go to Admin → RBAC → Add Role
2. Name the role (e.g., “Senior Support”)
3. Check the specific permissions this role needs
4. Save and assign to admin users

Principle of least privilege: Grant only the permissions each person needs for their specific function. A support agent should not have financial approval permissions, and a content editor should not have player suspension rights.

For detailed instructions, see Admin: Settings & Compliance → Roles and permissions.

4. First-time setup (step-by-step)

Complete these steps in order before accepting real players. Each step links to the detailed documentation.

Step 1 — Secure admin access

• [ ] Change the default admin password → Admin → RBAC → Edit admin user → Change password
• [ ] Enable 2FA on the admin account → Admin → Profile → Enable 2FA
• [ ] Create separate accounts for each team member with appropriate roles → Admin → RBAC → Add Admin

Step 2 — Configure site identity

• [ ] Casino Name → Admin → Settings → General → Casino Name
• [ ] Support Email → Admin → Settings → General → Support Email
• [ ] Default Currency — choose the primary currency for new player accounts (e.g., USD, EUR, GBP)
• [ ] Default Language — default locale for new players (e.g., en)
• [ ] Timezone — sets displayed timestamps across the admin panel

See Admin: Settings & Compliance → General settings.

Step 3 — Configure email delivery

• [ ] Set SMTP host, port, username, and password → Admin → Settings → Email
• [ ] Set From Address (noreply@your-domain.com)
• [ ] Click Test Email and verify the test message arrives in your inbox

Email must be working before players register — registration, KYC, and payment notifications all depend on it.

See Admin: Settings & Compliance → Email / SMTP configuration.

Step 4 — Configure payment methods

For each payment provider you intend to use:

• [ ] Ensure provider API credentials are set in .env (Stripe, PayPal, Coinbase, Mollie, etc.)
• [ ] Navigate to Admin → Settings → Payment Methods → Add Method
• [ ] Set display name, minimum/maximum amounts, and any processing fee
• [ ] Toggle Enabled
• [ ] For providers with webhooks (Stripe, PayPal, Coinbase): configure the webhook URL in your provider dashboard pointing to https://your-domain.com/api/webhooks/payment/{provider}

See Admin: User & Payment Management → Payment methods configuration.

Step 5 — Enable and configure games

• [ ] Navigate to Admin → Games
• [ ] Toggle Enabled on the games you want to offer
• [ ] For each enabled game: click Configure and verify the Min Bet, Max Bet, and RTP values match your licensing requirements
• [ ] Set the display order by dragging game cards and clicking Save Order
• [ ] Assign games to categories (Slots, Table Games, Instant Games, etc.) for the player lobby filter tabs

See Admin: Dashboard & Game Management → Game catalog management.

Step 6 — Configure jurisdiction rules

• [ ] Navigate to Admin → Jurisdictions
• [ ] Add a jurisdiction rule for each country/region you plan to accept players from
• [ ] Set KYC thresholds, allowed games, responsible gaming requirements, and GAMSTOP integration if applicable

See Admin: Settings & Compliance → Jurisdiction management.

Step 7 — Configure responsible gaming defaults

• [ ] Set Session Duration Limit → Admin → Settings → Responsible Gaming
• [ ] Set Reality Check Interval (how often players see session time reminders)
• [ ] Confirm Deposit Limits, Loss Limits, and Wager Limits features are enabled
• [ ] Set Self-Exclusion Minimum duration
• [ ] Review AML thresholds in .env (AML_LARGE_TRANSACTION_THRESHOLD, AML_RAPID_DEPOSIT_COUNT, etc.)

See Admin: Settings & Compliance → Responsible gaming configuration.

Step 8 — Set up branding

• [ ] Upload casino Logo → Admin → Settings → Theme → Logo Upload
• [ ] Set Primary Color to your brand colour
• [ ] Set Body Font and Display Font
• [ ] Upload OG image → Admin → Settings → General → OG Image URL
• [ ] Update PWA manifest: public/manifest.json → set name, short_name, theme_color
• [ ] Replace PWA icon files in public/icons/ with branded versions

See Developer: Customisation Guide → Branding via the admin panel.

Step 9 — Review and update legal pages

• [ ] Navigate to Admin → Content and open each legal page
• [ ] Fill in your company legal name, registered address, gambling licence number, governing law jurisdiction, and support contact
• [ ] Have your legal counsel review all pages before going live

See Admin: Settings & Compliance → Content pages and branding.

Step 10 — Create a welcome bonus (optional)

• [ ] Navigate to Admin → Bonuses → Create Campaign
• [ ] Create a Welcome Bonus with your chosen percentage match, wagering requirement, and expiry
• [ ] Set Active From and Active Until dates

See Admin: Settings & Compliance → Bonus management.

Step 11 — Final pre-launch verification

• [ ] Log in as a test player and complete a full game round
• [ ] Make a test deposit (use a payment provider’s sandbox/test mode)
• [ ] Submit a test KYC document and approve it in the admin panel
• [ ] Send a test withdrawal and approve it
• [ ] Verify the player receives email notifications at each step
• [ ] Check the Dashboard shows correct KPI values
• [ ] Verify the health endpoint: curl https://your-domain.com/api/health
• [ ] Confirm Horizon is processing jobs: https://your-domain.com/horizon

5. Dashboard reference

URL: /admin/dashboard

The dashboard is the recommended starting point for daily operations. It shows the health of the platform at a glance.

KPI cards

What to action immediately:

• Withdrawals Pending > 0 — review the withdrawal queue daily (see Withdrawal approval queue)
• KYC Pending > 0 — target 24-hour turnaround on KYC reviews to avoid player friction (see KYC document review)

Recent activity feed

Shows the latest events in real time: player registrations, deposits, withdrawals, and game rounds above a configurable value threshold. Use this to spot unusual activity patterns that might warrant further investigation.

Historical charts

Toggle between 7-day, 30-day, and 90-day views:

• Daily Active Users (DAU) — player engagement trend
• Revenue — GGR and NGR (Net Gaming Revenue after bonus costs)
• Deposits vs. Withdrawals — cash flow overview
• New Registrations — acquisition trend

6. Daily operations checklist

Handling a pending withdrawal

1. Open Finance → Withdrawals — the queue shows all pending requests
2. Click a withdrawal to open the detail view
3. Check: KYC status (do not approve unverified players above your threshold) and AML flag (route to compliance if flagged)
4. Click Approve to process, or Reject with a written reason (reason is emailed to the player automatically)
5. For a batch of clean, low-risk withdrawals: use Batch Approve

Reviewing an AML alert

1. Open Compliance → AML Alerts
2. Click the alert to view associated transactions and player history
3. Determine: Clear (no action — document reason) / Escalate (refer to compliance team) / Freeze (suspend account pending investigation)
4. Write a review note documenting your decision — this is immutably logged

Reviewing a KYC document

1. Open Compliance → KYC
2. Click a pending review — uploaded documents open (ID front/back, proof of address)
3. Verify: name matches account registration, document is not expired, proof of address is recent (within 3 months)
4. Click Approve or Reject (rejection requires a reason, automatically emailed to the player)

7. Weekly operations checklist

8. Navigating between admin guides

The admin documentation is split across several files by topic:

For technical installation and server setup, see Developer: Installation Guide. For all .env variables, see Developer: Configuration Reference.