Skip to main content

Role-Based Access and SSO Configuration

Updated this week

Overview

Controlling who can access your Psyke workspace and what they can do is important for both security and efficient team management. This article explains the available roles, best practices for access control, and how to set up Single Sign-On (SSO) if your organisation uses it.

User Roles

Each workspace member is assigned one of four roles:

  • Owner – Full access including billing, subscription, and the ability to delete the workspace. There is one Owner per workspace.

  • Admin – Can manage campaigns, publish pages, invite team members, and adjust workspace settings. Cannot access billing.

  • Editor – Can create and edit campaigns and pages. Cannot publish or manage team members.

  • Viewer – Read-only access. Can browse campaigns and pages but cannot make any changes.

Access Control Best Practices

  • Follow the principle of least privilege: give each person the minimum access they need to do their job.

  • Assign Viewer or Editor roles to contractors or external consultants rather than Admin.

  • Review your team list periodically and remove members who no longer need access.

  • Transfer workspace ownership before the current Owner leaves the organisation.

Single Sign-On (SSO)

SSO (Single Sign-On) lets your team log in to Psyke using your company's existing identity system — for example, Google Workspace, Okta, or Microsoft Azure AD. This means one set of credentials for all tools, and your IT team controls access centrally.

SSO configuration is available on the Pro plan and the Psyke For You plan. To set it up:

  1. Contact Psyke Support or your account manager to request SSO enablement.

  2. Provide your identity provider's SAML or OIDC metadata.

  3. Psyke's team will configure the connection and confirm when it is live.

  4. Test the login flow with a non-admin account before rolling it out to the full team.

What Happens When a Team Member Leaves

When someone leaves your organisation:

  1. Remove them from the workspace in Settings → Team.

  2. If they were the workspace Owner, transfer ownership first.

  3. If SSO is enabled, disabling their account in your identity provider will immediately revoke their Psyke access.

  4. Review any API keys or integrations they may have set up and rotate them if necessary.

Related Articles
How to share your workspace with your team
Managing Your Psyke Account and Subscription
Managing Teams, Roles and Workspace Permissions
Frequently Asked Questions (FAQs)
Security Practices and Data Privacy
Did this answer your question?