Overview
Managing who has access to what in Tines is key to keeping your tenant secure and organized. These best practices help ensure users only get the access they need, when they need it, using clear processes and visibility.
Best practices
Enable SSO
Use single sign-on (SSO) and provision users with System for Cross-domain Identity Management (SCIM) or just-in-time (JIT) provisioning to ensure access is controlled through your identity provider (IdP).
Centralizing authentication and user provisioning through your IdP reduces manual account management, minimizes the risk of orphaned accounts, and ensures users only have access while they're authorized.
Utilize roles
Leverage our default roles, or custom roles (if available in your plan), to fine-tune the permissions you grant to your Tines users.
Roles allow you to precisely control what users can do within Tines. This helps reduce the risk of accidental misconfiguration or abuse of sensitive features, especially in tenants with many users or varied responsibilities.
Build an access request process
Set up an access request process to grant users access to teams and to assign specific roles. Include an audit trail for access requests and store it in records or another data storage tool. Here's an example of a story that can execute this process: "Request and approve access to new tools with an audit trail."
Having a structured access request and approval process enforces the principle of least privilege and ensures accountability. Storing audit trails in Tines records or another storage tool allows teams to track who requested access, who approved it, and when. This is critical for audits, compliance, and incident investigations.
Note: If you utilize a tunnel or command-over-HTTP, provide access to the tunnel via a specific team or teams on an as-needed basis.