# User Access Management ## User Access Management Guide ### Overview This guide outlines the user management and authentication framework for Screendesk organizations, including roles, permissions, and authentication methods. ### Organization Structure * All users belong to an organization * Access to features is determined by user roles * User management is controlled by Owners and Admins ### User Roles and Permissions #### Owner & Admin * Full administrative access to the organization * Can manage billing and subscription settings * Can modify organization-wide settings * Can manage user roles and permissions * Can configure authentication methods #### Editor * Cannot access billing or organization settings * Cannot modify user roles or permissions * Has access to manage all recordings within the organization #### Member * Basic user role * Can manage only their own recordings * Cannot access organization settings * Cannot access other users' recordings ### Authentication Methods #### SAML SSO 2.0 * Enterprise-grade Single Sign-On * Integrates with existing identity providers * Supports automated user provisioning * When enabled, becomes the primary authentication method * **Important**: When SAML is enabled, only the organization owner can continue using email/password login #### SCIM * Automated user provisioning and deprovisioning * Synchronizes user attributes with identity provider * Streamlines user lifecycle management * Supports real-time user updates #### Email/Password + MFA * Traditional authentication method * Requires email verification * Multi-Factor Authentication (MFA) required for additional security * Available to all users when SAML is not enabled * Only available to organization owner when SAML is enabled ### Best Practices for User Management 1. Enable SAML SSO for enterprise organizations 2. Implement SCIM for automated user management 3. Regularly audit user roles and permissions 4. Ensure MFA is enabled for all email/password accounts 5. Document role assignments within your organization 6. Regularly review access logs and user activities 7. Remove inactive users promptly --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://security.screendesk.io/end-user-access/user-access-management.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.