> For the complete documentation index, see [llms.txt](https://security.screendesk.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://security.screendesk.io/end-user-access/user-access-management.md). # User Access Management ## User Access Management Guide ### Overview This guide outlines the user management and authentication framework for Screendesk organizations, including roles, permissions, and authentication methods. ### Organization Structure * All users belong to an organization * Access to features is determined by user roles * User management is controlled by Owners and Admins ### User Roles and Permissions #### Owner & Admin * Full administrative access to the organization * Can manage billing and subscription settings * Can modify organization-wide settings * Can manage user roles and permissions * Can configure authentication methods #### Editor * Cannot access billing or organization settings * Cannot modify user roles or permissions * Has access to manage all recordings within the organization #### Member * Basic user role * Can manage only their own recordings * Cannot access organization settings * Cannot access other users' recordings ### Authentication Methods #### SAML SSO 2.0 * Enterprise-grade Single Sign-On * Integrates with existing identity providers * Supports automated user provisioning * When enabled, becomes the primary authentication method * **Important**: When SAML is enabled, only the organization owner can continue using email/password login #### SCIM * Automated user provisioning and deprovisioning * Synchronizes user attributes with identity provider * Streamlines user lifecycle management * Supports real-time user updates #### Email/Password + MFA * Traditional authentication method * Requires email verification * Multi-Factor Authentication (MFA) required for additional security * Available to all users when SAML is not enabled * Only available to organization owner when SAML is enabled ### Best Practices for User Management 1. Enable SAML SSO for enterprise organizations 2. Implement SCIM for automated user management 3. Regularly audit user roles and permissions 4. Ensure MFA is enabled for all email/password accounts 5. Document role assignments within your organization 6. Regularly review access logs and user activities 7. Remove inactive users promptly --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://security.screendesk.io/end-user-access/user-access-management.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.