Manage Roles and Permissions
1. Navigate to Settings > Roles & Permissions.
2. Review the default roles: Owner, Admin, Member, Viewer.
3. Create custom roles with specific permission sets.
4. Assign granular permissions per module: Clients, Invoices, Projects, etc.
5. Set record-level permissions for sensitive client data.
6. Assign roles to team members from the Team Members page.
Permission changes take effect immediately for all affected users.
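As an added example (not the product's own code), a minimal Python model of how the role, module-level and record-level checks described above combine into one deny-by-default decision; the role names come from this page, while the permission sets, user ids and records are constructed sample data.

```python
from dataclasses import dataclass

# Module-level permission sets per role (module -> allowed actions): the page's default
# roles plus one custom role. The sets themselves are constructed sample data.
ROLES = {
    "Owner":  {"Clients": {"read", "write", "delete"}, "Invoices": {"read", "write", "delete"},
               "Projects": {"read", "write", "delete"}},
    "Admin":  {"Clients": {"read", "write", "delete"}, "Invoices": {"read", "write"},
               "Projects": {"read", "write", "delete"}},
    "Member": {"Clients": {"read", "write"}, "Invoices": {"read"}, "Projects": {"read", "write"}},
    "Viewer": {"Clients": {"read"}, "Invoices": {"read"}, "Projects": {"read"}},
    "Billing": {"Invoices": {"read", "write"}},  # custom role: no access outside Invoices
}

@dataclass(frozen=True)
class User:
    user_id: str
    role: str

@dataclass(frozen=True)
class Record:
    module: str
    record_id: str
    sensitive: bool = False
    # Record-level permission for sensitive client data: explicit allow-list of user ids.
    allowed_users: frozenset = frozenset()

def can(user: User, action: str, record: Record) -> bool:
    """Deny by default. Access requires BOTH the role's module grant AND, for a
    sensitive record, membership in that record's allow-list. ROLES is consulted on
    every call rather than cached at login, which is what makes a role change take
    effect immediately for the affected user."""
    module_perms = ROLES.get(user.role, {})          # unknown or deleted role: no grants
    if action not in module_perms.get(record.module, set()):
        return False
    if record.sensitive and user.user_id not in record.allowed_users:
        return False
    return True

def visible_records(user: User, records) -> list:
    """Ids of the records the user may read; handy when reviewing a role's effective reach."""
    return [r.record_id for r in records if can(user, "read", r)]

if __name__ == "__main__":
    acme = Record("Clients", "client-acme")
    vip = Record("Clients", "client-vip", sensitive=True, allowed_users=frozenset({"alice"}))
    alice, bob = User("alice", "Member"), User("bob", "Member")
    print(visible_records(alice, [acme, vip]))  # ['client-acme', 'client-vip']
    print(visible_records(bob, [acme, vip]))    # ['client-acme']
```

Note that even an Owner is refused on a sensitive record unless listed on its allow-list; the record-level permission narrows the module grant, it never widens it.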
Enable SSO (Enterprise)
1. Go to Settings > Security > Single Sign-On.
2. Choose your identity provider: SAML 2.0 or OpenID Connect.
3. Enter your IdP metadata URL or upload the metadata XML.
4. Configure attribute mapping for email, name, and role.
5. Set the default role for SSO-provisioned users.
6. Enable "Require SSO" to enforce SSO login for all workspace members.
7. Test the SSO connection before enforcing it.
Security Best Practices
1. Enable two-factor authentication (2FA) for all admin accounts.
2. Review the audit log regularly in Settings > Audit Log.
3. Set session timeout policies (recommended: 8 hours for web, 30 days for mobile).
4. Configure IP allowlisting for admin access if needed.
5. Enable data governance rules for automatic data retention and deletion.
6. Regularly review API key usage and revoke unused keys.
7. Set up security notifications for suspicious login attempts.