Settings & Compliance
This guide covers site-wide configuration, responsible gaming, compliance features, the affiliate and VIP programs, and admin role management.
Table of Contents
- General settings
- Email / SMTP configuration
- Security settings
- Responsible gaming configuration
- Jurisdiction management
- Bonus management
- Affordability reviews
- Enhanced Due Diligence (EDD)
- Affiliate program setup
- VIP and loyalty tier configuration
- Content pages and branding
- Push notification campaigns
- Roles and permissions (RBAC)
- Audit log
1. General settings
URL: /admin/settings → General tab
These settings define your casino’s identity and core behaviour.
| Setting | Description |
|---|---|
| Casino Name | Displayed in the browser tab, emails, and push notifications |
| Support Email | Contact address shown to players on the site |
| Default Currency | Currency assigned to new player accounts (e.g., USD, EUR, GBP) |
| Default Language | Default locale for new players (e.g., en, de, es) |
| Maintenance Mode | Puts the player-facing site in maintenance mode. Admin panel remains accessible. |
| Registration Open | Toggle player registration on or off (useful when preparing a go-live) |
| Timezone | Server timezone for displayed timestamps |
2. Email / SMTP configuration
URL: /admin/settings → Email tab
Configure the SMTP connection used for all transactional emails (registration confirmations, withdrawal notifications, KYC decisions, etc.).
| Field | Example |
|---|---|
| SMTP Host | smtp.mailgun.org |
| SMTP Port | 587 |
| SMTP Username | postmaster@your-domain.com |
| SMTP Password | Your API key or SMTP password |
| Encryption | tls or ssl |
| From Address | noreply@casino.example.com |
| From Name | Your Casino |
After saving, use the Test Email button to send a test message to the current admin’s email address. Verify it arrives before going live.
Email delivery is asynchronous — emails are queued and dispatched by Horizon. If test emails don’t arrive, check that Horizon is running (
/horizondashboard).
3. Security settings
URL: /admin/settings → Security tab
| Setting | Description |
|---|---|
| Max Login Attempts | Number of failed login attempts before a CAPTCHA is required (applies to players) |
| Session Timeout (minutes) | Player inactivity timeout — forces re-login after this period |
| 2FA Required for Admins | Enforce TOTP 2FA on all admin accounts (enabled by default) |
| VPN / Proxy Detection | Block players connecting via VPN or proxy |
| VPN Detection API Key | API key for the IP intelligence provider used for VPN detection |
VPN detection logs
URL: /admin/settings → VPN Settings tab
Shows the last 50 VPN detection events — IP addresses blocked, timestamps, and the player account (if any) associated with each blocked session. Useful for investigating false positives.
4. Responsible gaming configuration
URL: /admin/settings → Responsible Gaming tab
Configure platform-wide responsible gaming defaults. These are the defaults applied when no player-specific limits are set.
| Setting | Description |
|---|---|
| Deposit Limits Enabled | Allow players to set daily/weekly/monthly deposit limits |
| Loss Limits Enabled | Allow players to set loss limits |
| Wager Limits Enabled | Allow players to set wagering limits |
| Session Duration Limit (hours) | Maximum continuous play session before forced logout |
| Reality Check Interval (minutes) | How often players see a session time reminder pop-up |
| Cool-Off Durations | Available cool-off periods players can self-select (e.g., 24h, 7d, 30d) |
| Self-Exclusion Minimum (days) | Minimum duration for a self-exclusion request |
| Default Daily Deposit Cap | Optional platform-wide ceiling on daily deposits |
Self-exclusion management
Self-exclusion is always player-initiated (via their account settings page). Self-excluded players:
- Cannot log in or access the casino
- Receive a confirmation email
- Can request support to understand when the exclusion expires
Admin review of self-exclusion:
- Go to Player Detail → Limits tab
- View self-exclusion history including start date, end date, and reason
- Admin revocation is only available in exceptional regulatory circumstances and requires documented justification
Warning: Revoke self-exclusions only per your licensing requirements. Premature revocation may constitute a regulatory breach and carries operator liability.
Admin-imposed deposit limits
Admins can set deposit limits on behalf of players (e.g., as a regulatory compliance measure):
- Go to Player Detail → Limits tab
- Click Add Limit
- Select period (daily / weekly / monthly) and amount
- Admin-imposed limits can only be raised after a mandatory cooling-off period
5. Jurisdiction management
URL: /admin/jurisdictions
Define regulatory rules per country or region. These rules override global defaults for players in specific jurisdictions.
| Field | Description |
|---|---|
| Jurisdiction Code | ISO country code (e.g., GB, DE, MT, CA) |
| Allowed Games | Whitelist of game slugs available in this region (leave empty = all games allowed) |
| Blocked Games | Specific games blocked in this region |
| Max Bet Limit | Override the per-game max bet for this jurisdiction |
| Require KYC Before Play | Require verified identity before placing first bet |
| Require KYC at Deposit Threshold | KYC trigger amount (in player currency) |
| Require Affordability | Trigger an affordability review when cumulative losses exceed this threshold |
| GAMSTOP Integration | Check UK players against the GAMSTOP self-exclusion register |
Jurisdiction rules are evaluated on player registration and re-evaluated on each deposit.
6. Bonus management
URL: /admin/bonuses
Bonus campaign types
| Type | Description |
|---|---|
| Welcome Bonus | Awarded on first deposit — percentage match with wagering requirement |
| Reload Bonus | Recurring deposit bonus for existing players |
| Free Spins | Credited spins on specific slot games |
| No Deposit Bonus | Credits on registration, no deposit required |
| Cashback | Percentage of net losses returned as bonus funds |
| Referral Bonus | Awarded when a referred player makes their first deposit |
| VIP Reward | Manually awarded to high-value players |
Creating a bonus campaign
- Navigate to Bonuses → Create Campaign
- Fill in:
- Name and Description (shown to players)
- Type (select from the list above)
- Bonus Amount or Percentage with Max Bonus Amount
- Wagering Requirement (e.g.,
30x= player must wager 30× the bonus amount) - Game Contribution rates (which categories count toward wagering)
- Expiry (days the player has to meet wagering requirements)
- Min Deposit (for deposit-triggered bonuses)
- Max Claims (leave blank for unlimited)
- Active From / Until (schedule the campaign window)
- Use Clone Bonus to quickly create variations of existing campaigns.
Wagering contribution defaults
| Game Category | Typical Contribution |
|---|---|
| Slots | 100% of wager |
| Table Games | 10–20% (configurable) |
| Video Poker | 10% |
| Live Games | 0% (excluded by default) |
| Instant Games | 100% |
Manual bonus award
To award a bonus directly to a specific player:
- Go to Bonuses → Manual Award
- Search for the player by email
- Select the bonus campaign
- Confirm — the bonus is immediately added to the player’s account
Bonus reports
URL: /admin/bonuses → Reports tab
Shows for the selected period:
- Total bonus value awarded
- Bonus conversion rate (% of players who completed wagering requirements)
- Outstanding wagering liability (total bonus funds still subject to wagering)
- Top campaigns by claim volume
7. Affordability reviews
URL: /admin/affordability
When a player’s cumulative losses exceed the affordability threshold (configured per jurisdiction), the system automatically creates an affordability review.
Review process:
- Open the affordability review from the queue.
- Review the player’s deposit and loss history.
- Determine whether to:
- Clear — no action required; player’s activity is within normal range
- Request Documentation — email the player asking for proof of income/financial information
- Impose Limits — set admin-imposed deposit or loss limits on the account
All decisions are logged in the audit trail.
8. Enhanced Due Diligence (EDD)
URL: /admin/edd
EDD is triggered automatically for high-risk players based on:
- High deposit volume above the EDD threshold (configured in
.envasEDD_HIGH_DEPOSIT_THRESHOLD) - PEP (Politically Exposed Person) status
- High-risk jurisdictions
EDD requires additional documentation beyond standard KYC (e.g., source of wealth declaration, proof of income).
Review process: Identical to KYC review — approve or reject the uploaded EDD documents, add notes, and the decision is logged.
9. Affiliate program setup
URL: /admin/affiliates
The affiliate program lets partners refer new players in exchange for commission on their activity.
Creating an affiliate account
- Navigate to Affiliates → Create Affiliate
- Enter the affiliate’s name and email
- Set the commission rate (% of referred player GGR or deposits — configurable per affiliate)
- Set allowed marketing channels (e.g., display, email, SEO — for your records)
- The affiliate receives their unique referral link via email
Commission structure
Each affiliate’s commission is calculated on:
- Revenue Share — percentage of net GGR from referred players
- CPA (Cost Per Acquisition) — flat fee per referred player who deposits
Commission type and rate are set per affiliate. Adjust in the affiliate settings.
Affiliate reporting
From the affiliate detail page, view:
- Total referrals
- Referral conversion rate
- Commission earned (total and pending payout)
- Per-player commission breakdown
Processing payouts
See Admin: User & Payment Management → Affiliate Management.
10. VIP and loyalty tier configuration
URL: /admin/settings → VIP & Loyalty tab
The loyalty system awards points for every bet placed. Points accumulate toward VIP tier thresholds and can be spent in the rewards shop.
Configuring tiers
Each VIP tier has:
| Field | Description |
|---|---|
| Name | Tier display name (e.g., Bronze, Silver, Gold, Platinum) |
| Points Required | Cumulative points to reach this tier |
| Benefits Description | Text shown to players explaining tier perks |
| Cashback Rate | % of net losses returned as bonus for this tier |
| Withdrawal Priority | Whether withdrawals for this tier get expedited processing |
| Bonus Multiplier | Bonus wagering contribution multiplier for this tier |
Points accrual rate
Configure how many loyalty points are awarded per unit wagered:
| Setting | Description |
|---|---|
| Points per $1 Wagered | Base accrual rate (e.g., 10 points per $1) |
| Game Multipliers | Per-game or per-category point multiplier (e.g., 2× for slots) |
Rewards shop
URL: /admin/rewards
Manage physical and digital rewards that players can redeem with accumulated points:
| Field | Description |
|---|---|
| Name | Reward title (e.g., “Amazon Gift Card $50”) |
| Category | Group (Electronics, Experiences, Cash Equivalents) |
| Points Cost | Points required to redeem |
| Stock | Available inventory (0 = sold out) |
| Image URL | Product image |
Fulfillment queue (/admin/rewards/fulfillment): Manage pending redemption requests — mark as fulfilled/shipped or cancel with a reason.
11. Content pages and branding
Content pages
URL: /admin/content
Manage static pages visible to players (Terms & Conditions, Privacy Policy, Responsible Gaming information, Help/FAQ, etc.):
| Field | Description |
|---|---|
| Title | Page heading |
| Slug | URL path (e.g., terms-and-conditions → https://casino.com/terms-and-conditions) |
| Content | Rich text body (HTML supported) |
| Published | Toggle visibility |
Legal pages (Terms, Privacy Policy, Responsible Gaming) must be kept up to date per your licensing requirements. Changes to these pages should be reviewed by your legal team before publishing.
Theme and branding
URL: /admin/settings → Theme tab
Customize the visual identity of the player-facing site without touching code:
| Setting | Description |
|---|---|
| Logo | Upload casino logo (PNG or SVG recommended) |
| Favicon | Upload favicon |
| Background Image | Lobby background image |
| Primary Color | Main accent color (buttons, highlights, active states) |
| Secondary Color | Supporting UI color |
| Color Preset | Select from pre-built themes for quick setup |
Preview changes before saving. Theme changes apply immediately to all players.
For deeper customisation (fonts, layout, component changes), edit the Vue source files in resources/js/. See docs/guides/BRANDING_GUIDE.md in the source repo for the full branding reference.
12. Push notification campaigns
URL: /admin/push-campaigns
Send web push notifications to opted-in player segments.
Creating a campaign
- Click Create Campaign
- Fill in: Title, Body, Icon URL, Click URL (where the notification links to)
- Select Target Audience:
- All subscribed players
- Players in specific jurisdictions
- Players who haven’t deposited in N days (re-engagement)
- VIP tier segments
- Click Estimate Reach to preview how many players will receive it
- Send Now or Schedule for a specific date/time
Analytics
After delivery, view:
- Delivered — sent successfully to the player’s browser
- Clicked — player tapped the notification
- Dismissed — player dismissed without clicking
13. Roles and permissions (RBAC)
URL: /admin/rbac
Managing admin users
| Action | Steps |
|---|---|
| Create admin | Click Add Admin → enter email, set a temporary password, assign role(s) |
| Change password | Edit the admin user → set a new password |
| Assign roles | Select one or more roles from the role list |
| Deactivate admin | Click Deactivate — the user cannot log in but the account is not deleted |
Managing roles
Roles are collections of permissions. Each permission maps to a specific admin action.
Creating a custom role:
- Click Add Role
- Name the role (e.g., “Senior Support”)
- Check the permissions this role should have
- Save and assign to admin users as needed
Example permissions:
| Permission | What it allows |
|---|---|
players.view |
View player list and detail |
players.suspend |
Suspend and unsuspend player accounts |
finance.view_transactions |
View the transaction ledger |
finance.approve_withdrawal |
Approve or reject withdrawals |
kyc.review |
Approve and reject KYC documents |
compliance.aml_review |
Review AML alerts |
settings.edit |
Edit site settings |
games.toggle |
Enable and disable games |
Principle of least privilege: Grant each admin only the permissions they need for their specific role. Avoid giving support agents access to financial approval functions, and vice versa.
14. Audit log
URL: /admin/audit-log
Every significant admin action is permanently recorded. The audit log cannot be edited or deleted.
Log entry fields
| Field | Description |
|---|---|
| Timestamp | When the action occurred (UTC) |
| Admin | Which admin performed the action |
| Action | What was done (e.g., player.suspend, withdrawal.approve) |
| Target | The affected resource (player ID, game slug, transaction ID) |
| IP Address | The admin’s IP at time of action |
| Notes | Additional context or reason provided at the time |
Filtering
Filter by:
- Admin user
- Action type
- Date range
- Target resource ID
Exporting
Click Export CSV to download filtered audit log entries. Required for regulatory compliance reporting in most jurisdictions. Export and archive regularly.
For player and payment management, see Admin: User & Payment Management. For game and dashboard management, see Admin: Dashboard & Game Management.