> ## Documentation Index
> Fetch the complete documentation index at: https://adapt.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Access Controls

> How Adapt manages permissions and access to your data

Adapt uses role-based access controls to ensure users only access what they need.

## Organization Structure

### Organizations

Each organization is a complete isolated workspace:

* **Data isolation**: Complete separation between organizations
* **User management**: Invite and manage team members
* **Integration access**: Shared connections for the team
* **Billing**: Separate billing per organization

### Membership

Users can belong to multiple organizations, each with independent:

* Conversations and history
* Integrations and data access
* Settings and preferences

## Roles & Permissions

### Member Roles

| Role       | Capabilities                                        |
| ---------- | --------------------------------------------------- |
| **Admin**  | Full organization management, billing, integrations |
| **Member** | Use Adapt, access shared integrations               |

### Admin Permissions

Admins can:

* Invite and remove members
* Manage organization settings
* Set up and configure integrations
* Access billing and usage
* View audit logs

### Member Permissions

Members can:

* Chat with Adapt
* Use connected integrations
* Create and share conversations
* Set personal preferences

## Integration Access

### Organization Integrations

Set up by admins and shared across the team:

* **Data warehouse** (Snowflake, Databricks)
* **CRM** (HubSpot)
* **Support** (Intercom, Zendesk)
* **Communication** (Slack)

All members can query these integrations.

### Personal Integrations

Individual connections not shared with the team:

* **Gmail** (your personal inbox)
* **Calendar** (your schedule)
* **Google Drive** (your files)

Only you can access your personal integrations.

## Data Access Controls

### Query Scope

When you ask a question:

* Adapt only queries integrations you have access to
* Results respect underlying system permissions
* Sensitive data requires appropriate access

### Conversation Visibility

| Visibility       | Who Can See              |
| ---------------- | ------------------------ |
| **Private**      | Only you                 |
| **Organization** | All organization members |

You control the visibility of each conversation.

## Authentication

### Supported Methods

| Method             | Description                 |
| ------------------ | --------------------------- |
| **Google OAuth**   | Sign in with Google account |
| **Email/Password** | Traditional credentials     |
| **Passkey**        | WebAuthn passwordless login |

### Session Security

* Sessions expire after inactivity
* Single sign-out across devices
* Session tokens are cryptographically secure

### Multi-Factor Authentication

* Google OAuth inherits Google's MFA
* Passkeys provide hardware-based authentication
* Email verification required for all accounts

## Audit & Monitoring

### Activity Logging

All access is logged:

* User logins and sessions
* Queries and data access
* Integration usage
* Admin actions

### Audit Trail

Admins can review:

* Who accessed what data
* When actions occurred
* What changes were made

[Learn more about audit logging →](/security/audit-logging)

## Best Practices

<AccordionGroup>
  <Accordion title="Limit admin access">
    Only grant admin role to those who need organization management capabilities
  </Accordion>

  <Accordion title="Review integrations">
    Regularly audit which integrations are connected and remove unused ones
  </Accordion>

  <Accordion title="Use personal integrations">
    Keep sensitive personal data (email, calendar) as personal integrations
  </Accordion>

  <Accordion title="Monitor audit logs">
    Review activity logs periodically for unusual access patterns
  </Accordion>
</AccordionGroup>

## Enterprise Features

For enterprise customers:

* **Custom roles**: Granular permission configuration
* **IP allowlisting**: Restrict access by network

Contact [sales@adapt.com](mailto:sales@adapt.com) for enterprise access controls.

<CardGroup cols={2}>
  <Card title="Audit Logging" icon="list-check" href="/security/audit-logging">
    Review activity and access
  </Card>

  <Card title="Security Overview" icon="shield" href="/security/overview">
    Complete security documentation
  </Card>
</CardGroup>
