Abacus.AI supports various user types and login methods to accommodate different organizational needs:
Platform admins have full administrative access to the Abacus.AI platform and external chat functionalities.
Chat admins have administrative privileges over the external chat functionalities and can view the Abacus.AI platform. They do not have full platform permissions but are platform users by default.
Chat-only users have the lowest level of permissions and are restricted to interacting only with the Abacus.AI Chat LLM. The domain for external chat users is of the type <tenant>.abacus.ai/chatllm.
- Platform Admins: Have full administrative access to the Abacus.AI platform and external chat.
- Chat Admins (Platform Users): Have access to the Abacus.AI platform and administrative access to the external chat.
- Chat-Only Users: Have access only to the Abacus.AI Chat LLM.
A user's role and permissions are defined within the context of a specific organization. See Managing Multiple Organizations for more.
Abacus.AI supports multiple login methods to accommodate various organizational needs:
- Username + Password
- Single Sign-On (SSO)
- Google (Enterprise and Self-Service)
- Microsoft (Enterprise and Self-Service)
- Okta (Enterprise Only)
- GitHub (Enterprise Only)
- Apple (Self-Service Only for ChatLLM)
- Users can set up both SSO and username/password logins.
- Platform Admins can restrict login methods to enforce security policies.
- SSO Protocols: Abacus.AI uses OpenID Connect (OIDC) for Okta and Microsoft.
- Setup Guides:
Platform Admins have the ability to manage permissions both on the platform and within the external chat LLM.
- Platform Admins can manage user roles and permissions within the Abacus.AI platform.
- Groups and Bots: External Admins can create and manage groups and bots, assigning specific permissions to each.
- Active Directory Integration: Permissions can be controlled using Microsoft Active Directory (AD).
- Platform Admins can enable domain signup, allowing anyone within the organization to sign up using their company email.
- Platform Admins can manage multiple organizations within Abacus.AI.
- Users can be added to multiple organizations, with specific roles and permissions for each.
- Roles are scoped to organizations. For example, a user can be a platform user for Organization X and a chat-only user for Organization Y. This means that a user who can access the platform will only see information pertaining to the organizations they have roles in.
- How can users set up and use both SSO and passwords?
Users can set up and use both SSO and passwords by default if one of the methods is enabled.
- How can my team restrict access to the SSO option that we have enabled?
Please contact the Abacus.AI team at support@abacus.ai and we will set up a time with you to remove alternative login methods as well as disable password login during a time that will be least disruptive to your team.
