Organization Structure
Organizations
Each organization is a complete isolated workspace:- Data isolation: Complete separation between organizations
- User management: Invite and manage team members
- Integration access: Shared connections for the team
- Billing: Separate billing per organization
Membership
Users can belong to multiple organizations, each with independent:- Conversations and history
- Integrations and data access
- Settings and preferences
Roles & Permissions
Member Roles
| Role | Capabilities |
|---|---|
| Admin | Full organization management, billing, integrations |
| Member | Use Adapt, access shared integrations |
Admin Permissions
Admins can:- Invite and remove members
- Manage organization settings
- Set up and configure integrations
- Access billing and usage
- View audit logs
Member Permissions
Members can:- Chat with Adapt
- Use connected integrations
- Create and share conversations
- Set personal preferences
Integration Access
Organization Integrations
Set up by admins and shared across the team:- Data warehouse (Snowflake, Databricks)
- CRM (HubSpot)
- Support (Intercom, Zendesk)
- Communication (Slack)
Personal Integrations
Individual connections not shared with the team:- Gmail (your personal inbox)
- Calendar (your schedule)
- Google Drive (your files)
Data Access Controls
Query Scope
When you ask a question:- Adapt only queries integrations you have access to
- Results respect underlying system permissions
- Sensitive data requires appropriate access
Conversation Visibility
| Visibility | Who Can See |
|---|---|
| Private | Only you |
| Organization | All organization members |
Authentication
Supported Methods
| Method | Description |
|---|---|
| Google OAuth | Sign in with Google account |
| Email/Password | Traditional credentials |
| Passkey | WebAuthn passwordless login |
Session Security
- Sessions expire after inactivity
- Single sign-out across devices
- Session tokens are cryptographically secure
Multi-Factor Authentication
- Google OAuth inherits Google’s MFA
- Passkeys provide hardware-based authentication
- Email verification required for all accounts
Audit & Monitoring
Activity Logging
All access is logged:- User logins and sessions
- Queries and data access
- Integration usage
- Admin actions
Audit Trail
Admins can review:- Who accessed what data
- When actions occurred
- What changes were made
Best Practices
Limit admin access
Limit admin access
Only grant admin role to those who need organization management capabilities
Review integrations
Review integrations
Regularly audit which integrations are connected and remove unused ones
Use personal integrations
Use personal integrations
Keep sensitive personal data (email, calendar) as personal integrations
Monitor audit logs
Monitor audit logs
Review activity logs periodically for unusual access patterns
Enterprise Features
For enterprise customers:- SSO/SAML: Single sign-on with your identity provider
- SCIM: Automated user provisioning
- Custom roles: Granular permission configuration
- IP allowlisting: Restrict access by network