Role-based organization access

Role-based organization access allows you to grant customer accounts special permissions to organizations. Accounts with organizational roles can perform certain account management tasks, similar to brand admins in the Admin Console, but on a smaller scale, for organizations.

Creating roles

Roles are created on an identity store basis. No restrictions apply to roles which means any role can be used to give permission to any of the organizations in the identity store. Also, accounts of the identity store don't need to be tied to any specific organization to be assigned a role to any organization.

It's up to a brand’s discretion which account gets which permission to a specific organization.

  1. Navigate to Organizations > Roles.
  2. Click '+Create role'


You don't need to have an organization to create roles. Organizations are only required at role assignment.

  1. Mandatory Add the name of the role.
  2. You can add a description that will appear under the role in listings.
  3. You can choose to assign this role automatically to users who register to an existing organization via self-service.
  4. You can choose to assign this role automatically to only the first person who registers to an existing organization.
  5. Choose the access rights from the list.
  6. Once you've finished, click Save.

Roles assignment

  1. Navigate to Organizations > Role assignments.
  2. You can change the identity store.
  3. Pair an Organization and Role. This will be the permission assigned to the selected account(s).
  4. Click '+ Assign accounts'.
    You will be redirected to the 'Unassigned roles' tab.
  5. Select one or more accounts from the list.
  6. Click "+ Assign"
  7. Confirm the dialog.


You will be informed about the successfulness of the role assignment. You can return to the Role assigments tab with the back button at the bottom of the page.