Settings Guide
This guide explains the settings available in the AGENTIC STAR marketplace admin console.
Accessing the Admin Console
After deployment, access the admin console URL in your browser and log in with the administrator email and password you set during purchase.
Self-signed certificates are used in the initial configuration, so your browser will display certificate warnings. Accept the certificate exception to proceed. For instructions on setting up proper SSL certificates, see the Domain Settings Guide.
Menu Structure
The admin console consists of the following menus.
| Category | Menu | Description |
|---|---|---|
| — | Dashboard | Usage overview |
| User Management | Administrators | Manage administrators with access to the admin console |
| Users | Manage end users | |
| Service Accounts | Manage service accounts for API usage | |
| Agent Management | MCP | MCP server management |
| LLM Settings | LLM provider and model configuration | |
| Agent Settings | Register and manage custom agents | |
| Guardrail Settings | Content safety and PII masking | |
| Blocked URLs | Manage URLs blocked from agent access | |
| Master Data | Organizations | Organization management |
| Job Types | Job type master data management | |
| Email Settings | Email provider configuration | |
| Log Management | Audit Logs | Admin operation history |
| LLM Audit Logs | LLM usage history | |
| Reports | User report review | |
| Access Logs | Access history |
User Management
Administrators
Manage administrator accounts with access to the admin console. The initial administrator is automatically created at purchase time.
Users
Manage end users of AGENTIC STAR. You can add, edit, and disable users.
Service Accounts
Create and manage service accounts for API usage. When a service account is created, a client ID and client secret are issued for API authentication.
For API usage instructions, see the Marketplace API Quickstart.
Agent Management
LLM Settings
Configure the LLM providers and models used by agents.
| Setting | Description |
|---|---|
| Agent Type | The target agent type for configuration |
| Model | Model name (LiteLLM format: provider/model-name) |
| API Key | LLM provider API key |
| Base URL | LLM provider endpoint URL |
| API Version | API version (YYYY-MM-DD format) |
| Additional Settings | Additional parameters in JSON format |
Sensitive values such as API keys are displayed as ******** after registration. Existing values are preserved if not changed.
Agent Settings
Register custom agents and make them available on the platform.
Basic Information
| Setting | Description |
|---|---|
| Display Name | Agent display name |
| Description | Agent description |
| Icon URL | Icon image URL |
| Tags | Classification tags (comma-separated) |
Docker Image
| Setting | Description |
|---|---|
| Image Registry | Container registry URL (e.g., myacr.azurecr.io) |
| Image Name | Image name (e.g., my-org/rag-agent) |
| Image Tag | Image tag (default: latest) |
| Image Pull Secret | Authentication secret for private registries |
Resources
| Setting | Description |
|---|---|
| CPU Request / Limit | CPU allocation (e.g., 500m, 2000m) |
| Memory Request / Limit | Memory allocation (e.g., 512Mi, 4Gi) |
| GPU Request | GPU allocation (optional) |
| GPU Type | GPU type |
Storage
Enable this when persistent storage is required.
| Setting | Description |
|---|---|
| Storage Size | Capacity (e.g., 10Gi) |
| Mount Path | Mount path inside the container (absolute path) |
| Storage Class | Kubernetes storage class |
| Access Mode | Access mode |
Execution Settings
| Setting | Description |
|---|---|
| Health Check Path | Health check endpoint path |
| Startup Timeout | Startup wait time (1–3,600 seconds) |
| Execution Timeout | Maximum execution time (1–86,400 seconds) |
| Max Concurrent Executions | Maximum number of concurrent instances (1–100) |
Protocol Settings
| Setting | Description |
|---|---|
| Protocol | Communication protocol (HTTP / gRPC) |
| Endpoint Path | Agent endpoint path |
Access Control
| Setting | Description |
|---|---|
| Organization ID | Allowed organizations (leave blank for all) |
| Visibility | Public / Organization / Private |
Environment Variables
You can set custom environment variables. The following reserved variables are automatically injected, so manual configuration is not required.
AGENT_IDORGANIZATION_IDEXECUTION_ID
Environment variables can be marked as secret (encrypted) and required.
ACR Secret Management
When using a private Azure Container Registry, you can automatically create an authentication secret with a username and password.
Guardrail Settings
Configure content safety and personal information protection for AI outputs.
Content Safety
Prompt Shield Detection
Detects and blocks jailbreak attacks. Can be toggled on/off.
Moderation Detection
Configure the detection level for harmful content.
| Level | Description |
|---|---|
| 0 | Disabled |
| 2 | Recommended (detects moderately harmful content) |
| 4 | Relaxed (detects only severely harmful content) |
| 6 | Minimal (detects only extremely harmful content) |
Detection categories: Violence, Sexual Content, Hate Speech, Self-Harm
PII Masking
Automatically detects and masks personally identifiable information (PII). Supports up to 189 categories (the number of supported categories varies by cloud provider).
Key detection targets:
- Identification information (phone numbers, email addresses, national ID numbers, etc.)
- Financial information (credit card numbers, account numbers, etc.)
- Medical information (insurance numbers, medical records, etc.)
- Location information (addresses, GPS coordinates, etc.)
- Credentials (passwords, API keys, tokens, etc.)
Blocked URLs
Manage URLs that agents are prohibited from accessing.
Restriction Granularity
| Feature | Granularity | Description |
|---|---|---|
| Basic (built-in) | Domain level | The ExtAuth Service (authorization control via Envoy sidecar) inspects outbound traffic from Pods. Because HTTPS traffic is TLS-encrypted and paths are not visible, in practice this functions as domain (+ port) level restriction. |
| Extended (optional implementation) | URL (path) level | By using the SDK's ConfigAccess.get_banned_urls() to inspect URL strings inside agent tools, you can implement path-level restrictions. |
Both features share the same Blocked URLs settings (banned_urls table), so registration in the admin panel is unified. See ConfigAccess.get_banned_urls() in the SDK Reference for the extended implementation approach.
Master Data
Organizations
Manage organization information.
Job Types
Manage the job type master data.
Email Settings
Configure the email provider used for sending notification emails.
Basic Settings
Toggle the email feature on/off.
SMTP Settings
| Setting | Description | Notes |
|---|---|---|
| Host | SMTP server hostname | Required (e.g., smtp.example.com) |
| Port | SMTP server port number | Required (1–65535, default: 587) |
| Encryption | Communication encryption method | None / SSL / TLS (TLS recommended) |
| Authentication | Authentication method | None / LOGIN / PLAIN / CRAM-MD5 |
| Username | SMTP authentication username | Required |
| Password | SMTP authentication password | Required |
| From Address | Sender email address | Required |
Log Management
Audit Logs
View the history of admin console operations. Track who changed what and when.
LLM Audit Logs
View LLM usage history. Track token consumption and request details.
Reports
Review user reports.
Access Logs
View application access history.