> ## Documentation Index
> Fetch the complete documentation index at: https://docs.eraneos.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Access Control

> Authentication, authorization, and user management in BusinessGPT

## Authentication

BusinessGPT implements robust authentication mechanisms to ensure that only authorized users can access the platform:

### Single Sign-On (SSO)

<AccordionGroup>
  <Accordion icon="key" title="Azure AD Integration">
    BusinessGPT integrates seamlessly with Azure Active Directory, allowing organizations to:

    * Leverage existing corporate identities
    * Apply consistent access policies
    * Enforce password complexity requirements
    * Implement conditional access policies
  </Accordion>

  <Accordion icon="shield-check" title="Multi-Factor Authentication (MFA)">
    All users must use multi-factor authentication, which provides:

    * An additional layer of security beyond passwords
    * Protection against credential theft and phishing attacks
    * Compliance with security best practices and regulations
    * Support for various authentication methods (authenticator apps, SMS, etc.)
  </Accordion>
</AccordionGroup>

## Authorization

BusinessGPT uses a comprehensive role-based access control (RBAC) system to ensure that users can only access the resources and perform the actions they are authorized for:

### Role-Based Access Control

<CardGroup cols={3}>
  <Card title="Owner" icon="crown">
    Full control over resources, including user management and deletion
  </Card>

  <Card title="Editor" icon="pen-to-square">
    Can create, modify, and collaborate on content
  </Card>

  <Card title="Viewer" icon="eye">
    Read-only access to specific resources
  </Card>
</CardGroup>

### Permission Levels

Access control is implemented at multiple levels:

1. **Organization Level**
   * Controls who can access the organization's BusinessGPT instance
   * Manages organization-wide settings and policies

2. **Knowledge Base, Assistant, and Prompt Level**
   * Determines who can access specific knowledge bases, assistants, and prompts
   * Controls specific settings and configurations for these resources

3. **Resource Level**
   * Governs access to individual chats, documents, and other resources
   * Enables detailed sharing and collaboration

## User Management

BusinessGPT provides comprehensive user management features:

### User Provisioning

<AccordionGroup>
  <Accordion icon="user-plus" title="User Onboarding">
    * Automated user provisioning via Azure AD
    * Invitation-based user registration
    * Self-service account creation (if enabled)
    * Initial role assignment
  </Accordion>

  <Accordion icon="user-minus" title="User Offboarding">
    * Immediate access revocation
    * Data transfer options for user content
    * Audit trail of user activities
    * Compliance with data retention policies
  </Accordion>
</AccordionGroup>

### User Administration

Administrators have access to user management tools:

* User activity monitoring and reporting
* Role and permission management
* Access policy enforcement
