Role-based access for controlling feature-level permissions via your organisation’s IDP.
After completing your IDP setup described in Integrating Your Identity Provider, this page explains how Trusst AI roles and permissions are structured and how they’re applied once users successfully authenticate.
Trusst AI uses a role-based access control system managed through your organisation’s identity provider (IDP), such as Okta or Microsoft Entra ID.
Roles must be passed to Trusst AI in the roles claim of the ID token.
If unavailable, Trusst AI will also accept a role (singular) or a groups claim.
Both must be arrays of strings.
The supported role keys are:
Viewer (trusst_ai_viewer)
Analyst (trusst_ai_analyst)
Editor (trusst_ai_editor)
Admin (trusst_ai_admin)
Ensure that users are assigned to one or more of these roles in your IDP, and that either the roles or groups claim includes them in the authentication payload.
{
"sub": "idp|ml-ops-9087",
"name": "Al Gorithm",
"email": "[email protected]",
"roles": [
"trusst_ai_admin"
]
}Contacts
contacts:view
✅
✅
✅
✅
Chat
chat:edit
🚫
✅
✅
✅
Criteria (view)
criteria:view
🚫
✅
✅
✅
Criteria (edit)
criteria:edit
🚫
🚫
✅
✅
General Settings (view)
settings_general:view
🚫
✅
✅
✅
General Settings (edit)
settings_general:edit
🚫
🚫
✅
✅
System Status
system_status:view
🚫
✅
✅
✅
Streams
streams:edit
🚫
🚫
🚫
✅
AI Agents (view)
agents:view
🚫
✅
✅
✅
AI Agents (edit)
agents:edit
🚫
🚫
🚫
✅
AI Agent Numbers (view)
agent_numbers:view
🚫
🚫
✅
✅
AI Agent Numbers (edit)
agent_numbers:edit
🚫
🚫
🚫
✅
AI Agent Abilities
agent_abilities:edit
🚫
🚫
🚫
✅
AI Agent Keys (Secrets)
agent_keys:edit
🚫
🚫
🚫
✅
Last updated