Manually managing access with policies or roles
In this setup, application access and authorization roles are fully governed by you (the provider). The provider creates and manages access policies and/or roles, and is solely responsible for assigning them to customer organizations or to specific users within those organizations.
Policy assignment model
Manual assignment by provider: Providers define the access policies (which determine what applications or features can be accessed) and roles (which define the user's level of access or responsibility). These are manually assigned to:
Entire customer organizations, or
Individual users within customer organizations.
No customer control: Once a policy or role is assigned, customer organizations - including their administrators - cannot edit, reassign, or remove them. This guarantees complete control by the provider over both who gets access and what level of access they receive.
Granular targeting: Providers can tailor access with precision by combining roles and policies, applying them based on internal rules, eligibility, or operational need - without requiring customer intervention.
No legal terms or pricing: These assignments do not depend on pricing tiers or formal contracts. The access model can be used for free, internal, experimental, or restricted-use cases where access is selectively granted.
Key Characteristics
Control
Provider-managed only (for both policies and roles)
Creation & assignment
Defined and assigned solely by the provider
Assignment acope
Organization-level or user-level
Customer visibility
Customers can view assigned policies/roles, but cannot modify them
No legal binding needed
Access and role assignment do not require pricing or legal agreements
Use case fit
Ideal for scenarios requiring strict provider control over access and authorization levels
Example Scenarios
A workflow automation platform grants backend access roles to enterprise IT teams in selected companies - without needing any customer-side configuration.
A beta feature is made available to specific users via a manually assigned role and access policy, managed entirely by the provider.
A regulated healthcare integration assigns read-only roles and application access based on internal compliance vetting, not customer input.
How to set this up
The following steps apply the same for roles or policies.
Refer to creating Policies to configure a policy that grants access to (parts of) your application(s).
Navigate to the Accounts.
Select the account you want to give access to (in case the customer account is not available, see Customer Accounts).
Determine if you want the entire organization to have access, or only specific users
Entire organization:
Go to Policies > Assigned Policies
Click ‘Assign Policy’ > To organization
Select the account and policy that gives the required access
Confirm the choice and close the dialog by clicking Assign Policy.
This can also be done by going to Accounts > Selecting the account > Expand the Policies section and clicking to 'Assign Policy'.
Specific users:
Go to Policies > Assigned Policies
Click ‘Assign Policy’ > To users
Select the user/s and policy that gives the required access
Confirm the choice and close the dialog by clicking Assign Policy.
This can also be done by going to Users > Selecting the user > Access > 'Assign Policy'
Your customer (or user of customer) can now login to your application.
An overview of all Policies assigned to customers (both accounts and users) can be found from the Policies or Role section, depending on the type of policy assigned. Policies can also be removed from these overviews, or from the Policies tab on the Account detail page, or Account - User detail page.
Last updated
Was this helpful?