Help · For admins · Tier 5 — Admin & account

Admin reporting & analytics

What an admin sees about a school's use of Red Stet: the org dashboard's six tabs, per-teacher feed, seat/cost surfaces, audit log, SIS endpoint, and the privacy boundaries that scope what reporting can reach.

In this doc

The org dashboard
Per-teacher usage
Cost & seat reporting
What admins can't see
Admin audit log
SIS / warehouse integration
Seats & provisioning log

The org dashboard SHIPPED

Verified org admins see an "Org" button in the top bar. It opens a slide-in dashboard scoped to their district or school. Six tabs:

Overview — active teachers, active students, classrooms in scope, submissions and recordings this week, the current 30-day integrity rollup.
Teachers — one row per teacher: classrooms owned, assignments created, submissions graded, recordings reviewed.
Classrooms — one row per classroom: on-time rate, attempt distribution (1 / 2 / 3+), recording adoption rate.
Writing patterns — school-wide typing-rhythm distribution. K-anonymity gated; renders only at 10+ samples.
Seats — contracted, active, and inactive seat counts.
Audit — reverse-chronological feed of every admin-side action.

Heavy aggregates are precomputed by daily crons. Counts under the k-anonymity floor are silently omitted.

Export from any tab. The dashboard has CSV and PDF buttons that emit the current view. CSV is the raw rows; PDF opens a printable HTML page you can print-to-PDF from the browser. Every export writes an audit-log row capturing who pulled what.

Per-teacher usage SHIPPED

Each teacher has an activity feed backed by teacherActivity.recentForTeacher — last 30 days of submission state changes, inbound student messages, and recording uploads, newest first.

The admin rollup lives on the Teachers tab: classrooms owned, assignments created, submissions graded, recordings reviewed for every teacher over the chosen window.

Jamie Sandoval

English · 4 classes

Pub12

Graded184

Recs viewed47

Med t-t-g1.8d

Maria Kowalski

History · 5 classes

Pub9

Graded156

Recs viewed3

Med t-t-g4.2d

Diego Rivera

English · 3 classes

Pub1

Graded4

Recs viewed0

Med t-t-g—

Cost & seat reporting SHIPPED

Each user carries a subscriptionTier (free, plus, institutional) and a stripeCustomerId when they're the billing party. The Seats tab rolls these into contracted, active, and inactive counts from seatAssignments.

Stripe-side detail (invoices, payment method, billing contact) lives in Account & billing, not here. Per-tier visibility is gated by featureGates.

Contracted student seats 800

Active · last 30 days 612 (76%)

Provisioned, inactive 142

Unallocated 46

Teachers consumed 38 of 50

Term Fall 2026

What admins can't see SHIPPED

Reporting can't reach these surfaces, even though the data exists elsewhere.

Individual student writing

Admins see that a student submitted, when, how many attempts. The content — essay, marks, annotation comments — isn't reachable from reporting. The only path to a document is legitimate cause: a teacher escalating an integrity case, or a parent/legal request. Both are out-of-band, not dashboard clicks.

Individual keystroke streams

The raw Provenance event stream lives on the student's device — see What's recorded. Teachers see rendered playback, not raw keystrokes. Admins see neither.

Individual flag-decision history

"Confirmed / non-issue / pending" decisions on recordings stay with the teacher.

Individual messages

Assignment messaging threads (student↔teacher and teacher↔group) are visible only to participants. Admins can't read message bodies.

Legitimate-cause access is explicit and audited. Real integrity or safety investigations have access paths — documented requests, not dashboard clicks, with a trail in the audit log.

Visible in reporting

Submission counts · grading rates · recording counts · seat usage · aggregate writing distributions · investigation outcomes (counts)

Not accessible from reporting

Student writing content · individual keystroke streams · per-document flag decisions · message bodies · individual paste positions

See Data retention & deletion.

Admin audit log

Every admin action that touches data writes a row. The Audit tab renders it reverse-chronologically: who, what, when, target. Exports, role changes, seat assignments all log the same way.

Append-only — admins read, never edit. Visibility follows scope: a school admin sees their school; a district admin sees the district plus every school under it.

Recorded actions include:

admin.export · seat.assigned · seat.revoked · sso.config-updated · admin.role-changed · domain.preapproved

SIS / warehouse integration

Schools on the warehouse integration pull aggregate integrity rates as JSON via /api/sis/integrity-rates?schoolId=…. Response mirrors the dashboard rollup: windows, subject breakdowns, totals, reviewed counts, review rate.

Authenticates via the same admin session as the dashboard, so a warehouse cron needs an admin to mint a session. A dedicated institutional API token ships with the institutional-tier seat-management page.

GET /api/sis/integrity-rates
    ?schoolId=<id>
    &since=<unix-ms>

{ "schoolId": "...",
  "rows": [
    { "windowStart": ...,
      "windowEnd":   ...,
      "subject":     "ELA",
      "totalSubmissions":    142,
      "reviewedSubmissions": 118,
      "confirmedIssueCount": 6,
      "nonIssueCount":       109,
      "pendingCount":        3,
      "reviewRate":          0.83 } ] }

School account setup — provisioning, billing, the admin role.
SSO setup — how admins and teachers sign in.
What's recorded — scope of Provenance data.
Integrity investigation — the per-document workflow that produces flag decisions.
Data retention & deletion — how long data lives, how to request removal.
Connecting Red Stet to your LMS — LTI 1.3 sync.
Back to the help library.

Email feedback.

Seats & provisioning log

The Organization panel in the teacher left rail has three tabs: Seats, Activity, SSO. District or school org admins see it; no one else.

The Seats tab shows the usage snapshot: verified teacher count, co-teacher count, TA count, students enrolled, active seats billed, outstanding invites. Invite one teacher at a time (email + role) or bulk via CSV (email,role). Every invite writes a row to the provisioning log.

The Activity tab is the provisioning log: every user-provisioning event the school cares about, newest first. Sources: manual invites, bulk CSV uploads, SSO sign-ins (when configured), Clever / ClassLink roster syncs (when credentials land). Each row carries an ok / warn / error pill and a short message. "Load older" pages back.

Teacher-verification events from the legacy dashboard surface here too — backfillFromTeacherActivity copies past approvals so Activity has history from day one.