> ## Documentation Index
> Fetch the complete documentation index at: https://docs.arcuserp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Organization, Entities, and API Access

> Organization administration controls the account container around your Arcus entities. Use it to review plan limits, create sandbox or production entities, manage entity status, and control personal API keys used by scripts and integrations.

<Warning>
  **Organization tools affect the whole company**
  Treat organization pages like security and operating controls. Creating a production
  entity, deactivating an entity, or issuing an API key can affect users, integrations,
  reporting, and data access across the business.
</Warning>

## Use the Right Admin Surface

Arcus separates organization-level controls from entity-level settings. This keeps
company access, billing limits, and entity creation separate from daily operating
settings like shipping, tax, users, products, and documents.

* **Organization Overview**: review the current plan, usage, and enabled features.
* **Entities**: create sandbox or production entities and deactivate or reactivate existing entities.
* **Organization Users**: invite people and assign them to one or more entities.
* **Roles and Entity Team**: tune what users can do inside an entity.
* **API Keys**: create personal entity-scoped tokens for scripts that act as your user.
* **Developers**: manage shared entity API keys, webhooks, logs, analytics, collections, docs links, and SDK links when your role allows it.

## Review the Organization Overview

Open **Admin**, then **Organization**. The overview shows the
current plan, subscription status, feature badges, and usage against limits such as
entities, users, and products.

<Frame caption={"Use the organization overview to see plan status and whether entity, user, or product usage is near a limit."}>
  <img src="https://mintcdn.com/arcuserp/5v8ggAMP6rzMRoYX/images/support/screenshots/admin-access/organization-overview.png?fit=max&auto=format&n=5v8ggAMP6rzMRoYX&q=85&s=1bde18d658e90ea6c7a9aa32781b02d2" alt="Organization overview showing plan status, usage bars, enabled features, and links to organization areas" width="1640" height="520" data-path="images/support/screenshots/admin-access/organization-overview.png" />
</Frame>

If Arcus blocks a new entity, new user, or product expansion, check this page first.
A plan limit is different from a permission issue: a permission issue usually hides
or blocks an action for one user, while a plan limit affects the organization.

<Note>
  **Feature badges explain available workflows**
  Feature badges such as API Access, AvaTax, PrintNode, marketplaces, or advanced analytics
  indicate which optional capabilities are enabled for the organization. The detailed
  connector setup still lives in Integrations or the matching settings page.
</Note>

## Manage Entities

An entity is a separate operating company or environment inside the same organization.
Each entity has its own customers, products, inventory, accounting, documents, settings,
and user memberships.

<Frame caption={"The Entities page shows each entity, its environment, active status, member count, and location count."}>
  <img src="https://mintcdn.com/arcuserp/5v8ggAMP6rzMRoYX/images/support/screenshots/admin-access/organization-entities.png?fit=max&auto=format&n=5v8ggAMP6rzMRoYX&q=85&s=993b4c81c8b37daa1182bdb9a7b5b74a" alt="Entities page showing entity cards with environment badges, member counts, location counts, and active status" width="1640" height="430" data-path="images/support/screenshots/admin-access/organization-entities.png" />
</Frame>

* **Production**: live operating data. Use this for real orders, payments, labels, inventory, and accounting.
* **Sandbox**: test and training data. Use this before changing a production process.
* **Active**: users with membership can enter the entity.
* **Inactive**: the entity is no longer available for normal work, but its record remains in the organization.

<Warning>
  **Do not use sandbox as a second production company**
  Sandbox is for testing, training, and process rehearsal. Do not run real operations there
  unless the team intentionally wants test-mode connectors, test-mode payments, and non-live
  operating behavior.
</Warning>

## Create an Entity

Use **Create Entity** only when the business truly needs a separate company,
separate sandbox, or separate live environment. If you only need a warehouse, store,
ship-from address, or receiving location, create a location instead.

<Frame caption={"Create Entity asks for a name, short code, and environment before Arcus creates the new entity."}>
  <img src="https://mintcdn.com/arcuserp/5v8ggAMP6rzMRoYX/images/support/screenshots/admin-access/create-entity-modal.png?fit=max&auto=format&n=5v8ggAMP6rzMRoYX&q=85&s=7739f87a6e77d8109c7fc0b3ea847940" alt="Create Entity modal with entity name, entity code, and production or sandbox environment choices" width="980" height="980" data-path="images/support/screenshots/admin-access/create-entity-modal.png" />
</Frame>

1. Open **Admin**, then **Organization**.
2. Choose **Entities**.
3. Select **Create Entity**.
4. Enter a clear entity name.
5. Enter a short uppercase entity code that operators will recognize.
6. Choose **Production** or **Sandbox**.
7. Create the entity.
8. Invite or assign the users who should access the new entity.
9. Complete the entity setup checklist before using it for live work.

<Tip>
  **Set up the new entity before users start working**
  After creating an entity, configure business profile, locations, document numbering,
  tax, payment terms, shipping, integrations, users, roles, and opening balances before
  operators use it for real workflows.
</Tip>

## Deactivate or Reactivate an Entity

Deactivation is an access and operating-control action. It is not a cleanup shortcut.
Use it when an entity should no longer be used for normal work, such as an old sandbox,
a retired division, or a duplicate entity created during setup.

* Confirm no team is actively using the entity.
* Review open orders, open POs, unpaid bills, unposted accounting work, and active integrations.
* Export or archive required reports before removing day-to-day access.
* Tell users which entity replaces it, if any.
* Reactivate only after confirming why the entity was disabled.

Entity tiles show active status, environment, member count, and location count. The
Deactivate or Reactivate action is separate from deletion.

## Delete an Entity or Close the Organization

Entity deletion and organization closure are primary-owner actions. Use them only
after deactivation, review, and internal approval.

* **Delete** appears only for inactive entities and only to the organization's primary owner.
* **Pending Deletion** means deletion has been scheduled and can be cancelled before the final removal window ends.
* **Last active entity** cannot be deactivated as a normal entity cleanup path. Arcus directs the primary owner toward the organization closure flow instead.
* **Close Organization** is the front-door action for closing the whole account. It previews affected entities, users, rows, and connector secrets, then requires typed confirmation and a final acknowledgement.
* **Pending Closure** means the organization is scheduled for teardown. The primary owner can cancel closure while the cancel action remains available.

<Warning>
  **Deletion and closure affect data, users, and integrations**
  Before scheduling deletion, export required records, stop integrations, notify operators,
  and confirm which environment replaces the entity or organization. Do not use deletion
  as a routine cleanup shortcut.
</Warning>

## Use Personal API Keys Safely

Personal API keys let scripts authenticate to Arcus as your user for the current entity.
They are useful for controlled reporting, scheduled imports, and operational automation,
but they should be handled like passwords.

<Frame caption={"The API Keys page shows only safe key metadata. Arcus never shows the full token again after creation."}>
  <img src="https://mintcdn.com/arcuserp/5v8ggAMP6rzMRoYX/images/support/screenshots/admin-access/api-keys-list.png?fit=max&auto=format&n=5v8ggAMP6rzMRoYX&q=85&s=c4463306943f09a944dace6b7db17761" alt="API Keys page showing key names, token prefix, scope count, expiration, last used time, and revoke action" width="1300" height="360" data-path="images/support/screenshots/admin-access/api-keys-list.png" />
</Frame>

Each key is entity-scoped. A key created while you are in one entity should not grant
access to a different entity. The key can also be scoped to specific permissions, and
Arcus will not allow you to grant a key more access than your own effective permissions.

Personal keys are different from shared Developers settings keys. Use personal keys for
scripts that should act as one user. Use Developers settings for owner/admin-managed
entity integrations, shared service keys, webhooks, logs, analytics, and collection downloads.

## Create an API Key

1. Open **API Keys** from the account or profile area.
2. Select **New key**.
3. Name the key after the script or job that will use it.
4. Choose an expiration in days. Shorter is safer.
5. Select only the scopes the script needs. Empty scopes mean unrestricted, so avoid leaving scopes empty unless there is a clear reason.
6. Create the key.
7. Copy the token immediately and store it in your secret manager.

<Frame caption={"Give each key a purpose-specific name, expiration, and narrow set of scopes."}>
  <img src="https://mintcdn.com/arcuserp/5v8ggAMP6rzMRoYX/images/support/screenshots/admin-access/api-key-modal.png?fit=max&auto=format&n=5v8ggAMP6rzMRoYX&q=85&s=7970eba703769cbcc76cc6dc1f9f2dd6" alt="New API Key modal with name, expiration, scope groups, and Create button" width="980" height="980" data-path="images/support/screenshots/admin-access/api-key-modal.png" />
</Frame>

<Warning>
  **The full token is shown once**
  Arcus displays the full API token only when it is created. If it is lost, create a new key
  and revoke the old one. Never paste tokens into tickets, chat, screenshots, email, or docs.
</Warning>

## API Key Safety Rules

* Use one key per script or integration job so it can be revoked without breaking unrelated work.
* Prefer scoped keys over unrestricted keys.
* Use expirations and rotate keys on a schedule.
* Revoke a key immediately if it may have been shared, copied into logs, or committed to code.
* Remove keys during offboarding or when a script is retired.
* Review last-used timestamps to find stale keys.

## Common Blocks

* **Create Entity is blocked**: check your organization role and plan entity limit.
* **A user cannot see a new entity**: add the user to the entity from Organization Users and confirm their role.
* **An entity is missing from the selector**: confirm it is active and the user has an active membership.
* **Delete is missing on an entity tile**: confirm the entity is inactive and you are the organization's primary owner.
* **Close Organization is missing**: only the primary owner sees the organization closure danger-zone control.
* **API Keys page is unavailable**: your role may not include personal API key management or API Access may not be enabled.
* **Scope cannot be selected**: your user must already have that permission before a key can receive it.
* **Script stopped working**: check expiration, revoked status, entity context, and whether your role or scopes changed.

## Related Articles

<CardGroup cols={2}>
  <Card title="User Management" href="/support/settings/users">
    Invite users, manage entity access, roles, permissions, location restrictions, PINs, and MFA reset workflows.
  </Card>

  <Card title="Audit Log and Compliance" href="/support/settings/audit-compliance">
    Review audit activity, saved filters, compliance reports, exports, integrity checks, and deep-linked audit entries.
  </Card>

  <Card title="Company Setup" href="/support/settings/company-setup">
    Configure business profile, environment, branding, locations, and the workflow impact of company defaults.
  </Card>

  <Card title="Profile and Security" href="/support/settings/profile-security">
    Manage profile details, PIN lock, MFA, security keys, and recovery options.
  </Card>

  <Card title="Developers Settings" href="/support/settings/developers">
    Manage entity API keys, webhooks, usage logs, analytics, collection downloads, and docs links from the admin settings area.
  </Card>

  <Card title="Settings Overview" href="/support/settings/overview">
    Understand the admin surfaces, settings groups, and workflow impact areas.
  </Card>
</CardGroup>
