Appearance
Admin Setup
This guide walks you through setting up BluePLM for your organization. Follow the steps in order.
Prerequisites
You need:
- A Supabase account (free tier works)
- BluePLM installed on your computer
- (Optional) A Google Cloud account for Google Sign-In
Step 1: Create a Supabase Project
- Go to supabase.com and sign in or create an account
- Click New Project
- Choose a project name and set a strong database password
- Select a region close to your team
- Click Create new project and wait ~2 minutes for provisioning
Once ready, go to Settings → API and note:
- Project URL (e.g.,
https://abcdefgh.supabase.co) - anon/public key (starts with
eyJ...)
You'll enter these in BluePLM later.
Step 2: Set Up Google OAuth (Recommended)
Google Sign-In provides the smoothest authentication experience. Skip this step if you prefer email/password only.
In Google Cloud Console
- Go to Google Cloud Console
- Create a new project or select an existing one
- Navigate to OAuth consent screen
- Choose Internal if you have Google Workspace
- Choose External otherwise
- Fill in:
- App name: "BluePLM"
- User support email: your email
- Developer contact: your email
- Click Save and Continue through the scopes (defaults are fine)
- Go to Credentials → Create Credentials → OAuth 2.0 Client ID
- Select Web application
- Add this Authorized redirect URI:Replace
https://YOUR-PROJECT-REF.supabase.co/auth/v1/callbackYOUR-PROJECT-REFwith your Supabase project reference (the subdomain from your Project URL). - Click Create and copy your Client ID and Client Secret
In Supabase Dashboard
- Go to Authentication → Providers → Google
- Toggle Enable Sign in with Google
- Paste your Client ID and Client Secret
- Click Save
- Go to Authentication → URL Configuration
- Set Site URL to:
http://localhost - Add these Redirect URLs:
http://localhosthttp://localhost:5173http://127.0.0.1
Step 3: Create Storage Bucket
Do This Before Running Schema
The storage bucket must exist before running the schema SQL, or the storage policies will fail.
- Go to Storage in Supabase Dashboard
- Click New Bucket
- Name it exactly:
vault - Uncheck "Public bucket" (must be private)
- Click Create bucket
Step 4: Run Database Schema
The schema creates all required tables, functions, Row Level Security policies, and storage policies.
- Go to SQL Editor in Supabase Dashboard
- Click New query
- Open
supabase/schema.sqlfrom the BluePLM repository - Copy the entire contents
- Paste into the SQL Editor
- Click Run
Verify there are no errors. Warnings about "already exists" are OK if you're re-running.
Step 5: Create Your Organization
Run this SQL in the SQL Editor (customize the values):
sql
INSERT INTO organizations (name, slug, email_domains)
VALUES (
'Your Company Name', -- Display name
'your-company', -- URL-safe slug (lowercase, no spaces)
ARRAY['yourcompany.com'] -- Email domains for your team
);This automatically creates:
- Default teams: Viewers, Engineers, Administrators
- Default job titles (Design Engineer, Quality Engineer, etc.)
Email Domains
The email_domains array enables auto-detection. When users with matching email domains sign in, BluePLM can automatically associate them with your organization.
Step 6: Connect BluePLM
- Download and open BluePLM
- Complete the language/analytics setup if this is your first launch
- On the Setup screen, click "I'm setting up BluePLM for my organization"
- Enter:
- Supabase URL:
https://xxxxx.supabase.co - Anon Key: starts with
eyJ... - Organization Slug (optional): e.g.,
your-company
- Supabase URL:
- Click Connect to Supabase
- Copy the generated Organization Code (save this for team members!)
Keep the Code Secure
The Organization Code contains your Supabase anon key encoded. Share it only with trusted team members.
Step 7: Sign In and Configure Admin
- Click Continue and sign in with Google (or email/phone)
- After signing in, you need to link yourself to the organization and grant admin privileges
Run this SQL in the SQL Editor (replace the values):
sql
-- 1. Link yourself to the org and set as admin
UPDATE users
SET org_id = (SELECT id FROM organizations WHERE slug = 'your-company'),
role = 'admin'
WHERE email = '[email protected]';
-- 2. Add yourself to the Administrators team
INSERT INTO team_members (team_id, user_id, is_team_admin, added_by)
SELECT
t.id,
u.id,
TRUE,
u.id
FROM teams t, users u
WHERE t.org_id = (SELECT id FROM organizations WHERE slug = 'your-company')
AND t.name = 'Administrators'
AND u.email = '[email protected]'
ON CONFLICT (team_id, user_id) DO NOTHING;Sign out and back in to BluePLM for the changes to take effect.
Step 8: Create Your First Vault
Vaults are containers for files. Create at least one to start working.
First, get your organization ID:
sql
SELECT id FROM organizations WHERE slug = 'your-company';Then create the vault (replace the UUID):
sql
INSERT INTO vaults (org_id, name, slug, storage_bucket, is_default)
VALUES (
'ORG-UUID-HERE', -- Your organization ID from above
'Main Vault', -- Display name
'main-vault', -- URL-safe slug
'vault', -- Storage bucket name (must match step 3)
true -- Make this the default vault
);Step 9: Create Default Workflow
Files need a workflow to track their lifecycle states (WIP → In Review → Released → Obsolete).
Get your organization and user IDs:
sql
SELECT id FROM organizations WHERE slug = 'your-company';
SELECT id FROM users WHERE email = '[email protected]';Create the default workflow (replace UUIDs):
sql
SELECT create_default_workflow_v2('ORG-UUID', 'USER-UUID');This creates the standard release workflow with:
- WIP (Work In Progress) - Initial state
- In Review - Ready for approval
- Released - Approved for use
- Obsolete - Deprecated/retired
Step 10: Deploy REST API (Required for Invites)
The REST API server is needed for sending invite emails and ERP integrations.
Deploy to Railway (Recommended)
- Go to railway.app/new
- Select "Deploy from Docker Image"
- Enter:
ghcr.io/bluerobotics/blueplm-api:latest - Add these environment variables (from Supabase Dashboard → Settings → API):
| Variable | Value |
|---|---|
SUPABASE_URL | Your Project URL |
SUPABASE_KEY | anon/public key |
SUPABASE_SERVICE_KEY | service_role key ⚠️ |
- Deploy and copy your API URL (e.g.,
https://your-app.railway.app)
Keep service_role Key Secret
The SUPABASE_SERVICE_KEY bypasses Row Level Security. Never expose it in client-side code.
Configure in BluePLM
- Go to Settings → Integrations → REST API
- Enable "Use External API"
- Enter your Railway API URL
- Click Test Connection to verify
Alternative Deployment Options
See the API README for:
- Render deployment
- Fly.io deployment
- Self-hosted Docker
Step 11: Customize Email Templates (Optional)
BluePLM includes branded email templates for authentication emails.
- Go to Authentication → Email Templates in Supabase Dashboard
- For each template type, copy the HTML from
supabase/email-templates/ - Update the Subject line as noted in the template README
Available templates:
- Confirm signup
- Magic link
- Change email
- Reset password
- Invite user
Sharing with Team Members
Share the Organization Code generated in Step 6 with your team.
Team members:
- Download BluePLM
- Select "I have an Organization Code"
- Paste the code
- Sign in with Google/email/phone
The code contains your Supabase connection info encoded — team members don't need to enter URLs or keys manually.
See User Setup Guide for detailed team member instructions.
Troubleshooting
Schema SQL fails with "bucket not found"
Create the vault storage bucket (Step 3) before running the schema.
Google Sign-In shows "redirect_uri_mismatch"
Verify your Supabase project URL is in Google Cloud's authorized redirect URIs exactly:
https://YOUR-PROJECT-REF.supabase.co/auth/v1/callbackUsers can't see any vaults
Grant vault access via Settings → Members & Teams. Non-admin users don't see vaults automatically.
Organization Code doesn't work
Regenerate the code by disconnecting and reconnecting to Supabase in BluePLM.
Can't sign in after running admin SQL
Make sure you signed out and back in after running the admin setup SQL.