Workspace Settings

Workspace Settings allow administrators to configure workspace-wide preferences, review subscription status, and manage security policies, appearance defaults, and system behavior. In the sidebar they appear under Settings -> Workspace. These settings affect all users in your workspace and should be managed carefully.

General settings

• Set the default country and currency used by workspace workflows.
• When invoicing is enabled, choose the default billing wage used as the final fallback for work-time billing.
• Set the default invite role preselected when admins invite a new workspace member.

Dashboards

• Open Workspace Settings -> Dashboards to assign shared dashboard layouts to members.
• Only active layouts that have been shared with the workspace can be assigned. Create or share the layout from the main Dashboard first.
• Apply a shared layout to all active members, members with selected roles, or selected individual members. The page shows each member's current dashboard and saved personal dashboards.
• Set default makes a shared layout the workspace fallback for members without another active dashboard.
• Delete personal dashboards removes personal layouts for the targeted members after assigning the shared layout. Users with workspace settings management access can also remove an individual member's saved dashboard from the member table.
• The dashboard management view works in batches of up to 250 active members.

Roles

• Open Workspace Settings -> Roles to review workspace roles and create custom roles for invitations and member assignments.
• The protected Admin role is seeded by the system and cannot be edited or deleted.
• Custom roles can start empty or copy the grants from an existing role. Copying a role copies its current permission grants.
• The role detail view groups active grants by resource and action. All grants allow the action broadly; conditional grants are evaluated per record by the stored predicate.
• Conditional predicates can compare fields to the current user, users in groups the current user leads, groups the current user leads, or groups the current user belongs to when those actor values match the selected field type.
• Conditional access is edited as one or more rule sets. Multiple rule sets are ORed by the authorization layer, and advanced admins can edit the raw filter AST JSON for a rule set; the backend validates it again before saving.
• Role-management actions follow the roles permission: read controls access to the page, and create, update, or delete control the matching changes. Permission resources follow the workspace's enabled features, with roles and workspace always available.
• Conditional user and role grants can also restrict target roles to the member's own role, roles below their own role, or an explicit role list.
• Custom roles can be renamed or described. Deleting a custom role also removes its grants, but deletion is blocked while the role is assigned to any member.

Subscription

• Open Workspace Settings -> Subscription to review the workspace's current subscription data.
• The page shows the subscription status, billing status, monthly price, next renewal, tax status, collected tax ID when available, and the currently enabled feature keys.
• If a new monthly price is already scheduled, the page also shows the pending amount for the next billing cycle.
• Complete billing setup opens Stripe Checkout for paid workspaces that already have a price but no active Stripe subscription yet.
• Manage subscription opens the live Stripe customer portal for workspaces that already have a Stripe customer.
• The page also includes recent Stripe subscription invoices, which you can open directly from the invoice list.
• Admins can see an in-app billing banner when checkout still needs to be completed or Stripe reports a payment issue.

Accounting

• Open Workspace Settings -> Accounting when invoicing is enabled and you need to configure bookkeeping handoff defaults.
• Save workspace-wide export settings such as provider, BMD client number, account chart, bookkeeper recipients, default revenue and expense accounts, document inclusion, export locking, and tax-code mappings per source type and VAT rate.
• The account chart controls which seeded accounts and category mappings are used. Austrian workspaces default to the Austria EKR chart unless another chart is configured.
• The partner-number table lets you maintain customer and vendor numbers, VAT IDs, tax numbers, default accounts, cost centers, payment terms, and export status per organization.
• Accounting learning rules show the account choices Einblick has learned from bills, financial entries, and bank transactions. Admins can change the mapped account or archive an outdated rule.
• Connected Stripe accounts can sync balance transactions and payouts into the journal. These postings use the chart's Stripe clearing account, payment-processor-fee account, bank account, and default revenue account.
• Run the handoff workflow in Accounting Exports. That page previews a monthly period, shows blocking issues and warnings, generates immutable export snapshots, creates BMD ZIP packages, stores the manifest, and records Mark sent handoffs.
• Preview and settings support multiple providers, but ZIP package generation is currently wired only for BMD.

Billing

• Open Workspace Settings -> Billing when invoicing is enabled and you need workspace-wide billing defaults.
• Maintain wages, employments, the default invoice PDF template, invoice PDF title/top/bottom defaults, email signatures, and payment reminder settings.
• Billing wages can carry a billing category and revenue account. Invoice positions created from those wages inherit the accounting defaults unless the position is overridden.
• Reusable product records are managed in Products, not in Billing settings.
• Invoice PDF defaults support placeholder tokens for client, invoice number, dates, amounts, issuer, project, and service description. New invoices use these defaults unless the invoice provides its own PDF text.

API

• Open Workspace Settings -> API when the workspace has the API feature enabled.
• Access to this page follows the api role permission. Role grants for read, create, update, and delete control viewing keys and external sites, creating them, changing API-key grants or origins, and revoking or removing them.
• Create API keys for CMS collections, supported native endpoints, standard resource writes, and public commands.
• Limit readable fields per endpoint, add server-side filters, configure writable fields separately, and grant only the resource write actions or commands external consumers should be allowed to call.
• The page also includes install commands for the official @einblick/sdk and links to the per-key schema and OpenAPI documents.
• External Sites on the same page let you register live origins and copy the publishable site key for in-page editing.
• See Einblick SDK In-Page Editing for framework support and cache invalidation guidance.

Newsletters

• Open Workspace Settings -> Newsletters when the workspace has the Newsletters feature enabled.
• Review the current monthly recipient usage for Einblick-hosted sending, including sent, reserved, failed, blocked, remaining, and limit values.
• Choose whether public API newsletter signups subscribe immediately or require email confirmation before the address can receive campaigns.
• Add sending domains and copy the DNS records required for verification. A custom Einblick-hosted sender can only use a verified domain, otherwise it falls back to the configured Einblick sender address.
• The page also shows whether active SMTP senders or Google Workspace sender connections are available. Manage those sender accounts from Workspace Integrations.
• Maintain audience groups in Contact Groups. Campaign audiences can target individual contacts, contact groups, users, user groups, and organizations.

Jobs

• Open Workspace Settings -> Jobs to configure workspace-wide recruiting defaults.
• Set the default locale for new openings and optionally limit the supported locales available for job content.
• Decide whether public applications require email confirmation before they count as submitted.
• Add the privacy-policy URL used on the public application form.
• See Jobs for the internal review flow and public job pages.

Appearance

• Set default theme (light or dark) for all users.
• Configure organization branding and visual identity.
• Customize default interface elements and styling.
• Control how the system looks for all users by default.

Security

• Open Workspace Settings -> Security to manage workspace-wide security policy.
• Workspace admins can require MFA for active workspace members. Users without 2FA are shown the setup screen before they can continue into the workspace.
• MFA is account-level: once a user enrolls, the same enrollment protects every workspace they belong to.
• Users cannot disable 2FA while any workspace or system-admin policy still requires it.
• Protected system-admin access also requires account-level MFA in addition to the configured system-admin email allowlist.

Notifications

• Configure default notification preferences for the organization.
• Set up notification templates and messaging defaults.
• Manage workspace-wide notification channels and delivery methods.
• Control which events trigger notifications by default.
• Workspace notification defaults apply to workspace-scoped events. Account-wide events such as chat messages, incoming calls, daily digest, sign-in alerts, and workspace invitations are controlled in personal notification settings.

Display

• Set the workspace-wide date and duration formats.
• Open Workspace Settings -> Work Times to configure confirmation policy, project allocation, group/location tagging, overlap handling, work scheduling, long-work thresholds, and pause rules.
• The confirmation policy controls whether saved work times are approved immediately or require leader/admin confirmation, employee confirmation, or both. Manager-side confirmation also exposes pending confirmations and absence approval actions for supervised people.
• The overlap setting controls whether one member can save work-time entries that overlap another non-archived entry in the same workspace.
• Enable Work Schedule to let users with work-time create access plan future entries in the day, week, or month grid. Their role target rules decide which active members and groups appear.
• Long-work and pause rules can either warn or block saving. The pause rule defaults to 30 minutes after more than 6 worked hours when enabled.
• Monthly timesheets appear when the workspace has the timesheets feature. Closing a month locks approved work times and absences and generates PDF timesheets.

Absence reasons

• Open Workspace Settings -> Absence Reasons to manage the workspace's absence catalog. Catalog management requires unrestricted update access for absences.
• Create custom reasons or seed the DACH starter set for common leave types.
• Each reason can define whether it is paid, needs approval, requires a medical certificate, defaults to whole-day or multi-day, counts as working time, and affects vacation balance.

Naming conventions

• Configure how entities are named throughout the system.
• Set up naming patterns for projects, tasks, work orders, etc.
• Customize terminology to match your organization's language.
• Control how items are identified and displayed.

Best practices

• Review workspace settings regularly to ensure they align with organizational needs.
• Document any custom configurations for future administrators.
• Test changes in a non-production environment when possible.
• Communicate significant changes to users before implementing them.
• Keep security settings up to date with current best practices.
• Use naming conventions that are consistent and clear for all users.