Skip to Content
EnterpriseAdministrationUser Management

User Management (Enterprise)

Enterprise user management follows the same RBAC model described in Roles & Permissions, with additional enterprise-specific considerations.

SSO Enforcement

Enterprise customers can enforce SSO login exclusively, disabling email/password authentication for all users. To enable SSO enforcement:

  1. Configure at least one SSO provider and verify it is working
  2. Contact support@veriproof.app to enable SSO-only enforcement for your tenant
  3. Communicate to your users that email/password login will be disabled

Before enforcing SSO, ensure every user in your tenant can authenticate via the configured SSO provider. Any users who cannot authenticate via SSO will lose all portal access after enforcement is enabled.

SCIM Provisioning (Future)

Automated user provisioning via SCIM 2.0 is on the Veriproof roadmap. When available, SCIM will allow your identity provider (Entra ID, Okta) to automatically create and deactivate Veriproof portal accounts as users join, move, or leave your organization, and to synchronize group membership to Veriproof roles.

Contact your account manager to register interest in early access to SCIM provisioning.

Just-in-Time Provisioning

Currently, SSO logins from first-time users create a portal account with the CustomerAuditor role. A CustomerAdmin must then assign the correct role.

For organizations where all SSO users should have a specific role, configure the default role during the Settings → Account → SSO Configuration setup flow.

Service Accounts

For automation and machine-to-machine access, do not create human user accounts. Use application API keys (vp_live_* / vp_enterprise_*) scoped to the target application. These keys authenticate against the ingest or management APIs without a user session.

For API operations that require a user context (e.g. RBAC changes via the portal API), create a dedicated service account with the minimum required role, and store its credentials in your automation platform’s secrets manager.

Bulk User Import

To provision many users at once during initial setup, the User API supports batch invitations:

POST /v1/users/batch-invite
Content-Type: application/json
 
{
  "invitations": [
    { "email": "alice@acme.com", "role": "CustomerComplianceOfficer" },
    { "email": "bob@acme.com", "role": "CustomerViewer" }
  ]
}

Each user receives an individual invitation email. The batch endpoint is rate-limited to 50 invitations per request.

Last updated on
Self-Hosted PortalUpgrade Guide