Managing your organization
This guide covers how to manage your organization's profile, team members, roles, and security settings in Compliance Studio. Organization management is available to users with the Owner or Admin role. If you have a different role, contact your organization's Owner or Admin to request changes.
Organization profile
Your organization profile defines how your organization is displayed within Compliance Studio.
Organization name and logo
Update your organization's display name and upload a logo through the organization settings. The logo is displayed in the sidebar and in any shared contexts within Compliance Studio.
Verified domains
Verified domains control how new members can join your organization. After adding a domain, you can choose between:
- No automatic enrollment -- Members can only join through a direct invitation
- Automatic suggestions -- Users with a matching email domain receive a suggestion to request access, but must still be approved by an administrator
Verified domains also play an important role in SSO configuration, as they determine which users are redirected to your identity provider during login.
Team members
Viewing the member list
The member list displays all current members of your organization along with their names, email addresses, and assigned roles. Use the search bar to find specific members.
The members view includes three tabs:
- Members -- Current active members
- Invitations -- Pending invitations that haven't been accepted yet
- Requests -- Pending join requests from users with matching verified domains
Inviting new members
- Navigate to the organization settings and select Members
- Click the Invite button
- Enter one or more email addresses, separated by commas or spaces
- Select a role from the dropdown
- Click Send invitations
Invited members are shown as (Pending) in the member list until they accept the invitation. You can resend or delete pending invitations from the Invitations tab.
Roles and permissions
Each member is assigned a role that determines what they can access and modify within Compliance Studio.
| Role | Capabilities |
|---|---|
| Owner | Full access to all organization settings, billing, and resources. Can transfer ownership and delete the organization. |
| Admin | Manages members, products, and organization settings. Can't manage billing or transfer ownership. |
| Member | Can view and edit products within the organization. Can't manage members or organization settings. |
| Developer | Can access developer settings and product configurations. Can be scoped to specific products rather than all products. |
| Knowledge | Access to regulatory intelligence tools (KnowledgeKit) only. Can't view or manage products. |
| Customer Support | Access to event logs and support tools. Can't modify product configurations. |
| Product Evaluation | Read-only access for evaluating products. Can't make changes to any settings. |
Changing a member's role
- Locate the member in the member list
- Click the dropdown next to their current role
- Select the new role
Role changes take effect immediately.
Product-level access for Developers
Members with the Developer role can be restricted to specific products within your organization, rather than having access to all products. This provides fine-grained access control when different developers work on different products.
To assign product access:
- Navigate to Member Access in the organization settings
- Find the Developer whose access you want to configure
- Click Select Products and choose the products they should have access to
Only the Developer role supports product-level access restrictions. Owners and Admins always have access to all products.
Leaving an organization
Any member can leave an organization through the organization settings. Click Leave organization and confirm your decision.
Leaving an organization immediately removes your access to all of its resources. This action can't be undone -- you'll need a new invitation to rejoin.
Owners must transfer ownership to another member before they can leave. Every organization must have at least one Owner.
Configuring SSO
Single Sign-On (SSO) lets your organization members authenticate using their existing corporate identity credentials. k-ID supports SAML 2.0 and EASIE protocols.
Single Sign-On setup is managed by k-ID support. Below is a summary of the process.
Setup process
- Contact k-ID support -- Reach out to your account representative or k-ID support to initiate SSO setup
- Configure your Identity Provider -- Using the details provided by k-ID (ACS URL, Entity ID, and metadata URL), create a k-ID application in your IdP (Okta, Azure AD, Google Workspace, OneLogin, and others)
- Exchange metadata -- Share your IdP's metadata URL or XML file with your k-ID representative
- Test the connection -- k-ID configures and tests the SSO connection on their end
- Enable SSO -- Once verified, SSO is activated for your organization
Impact of enabling SSO
Once SSO is enabled, members with email addresses matching your verified domains can no longer log in with their k-ID password. All authentication is handled through your identity provider.
Troubleshooting
If members experience issues logging in after SSO is enabled:
- Verify the user is assigned to the k-ID app in your identity provider
- Confirm the user's email domain matches a verified domain in k-ID
- Check that attribute mappings (
email,first name, andlast name) are configured correctly in your IdP - Review your identity provider's logs for authentication errors
- Contact k-ID support for further assistance