> For the complete documentation index, see [llms.txt](https://accessiq.gitbook.io/accessiq-docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://accessiq.gitbook.io/accessiq-docs/getting-started/readme.md).

# What is AccessIQ

AccessIQ is an enterprise identity and access management (IAM) platform that helps organizations manage who can access what, and how. Whether you need to manage employee logins, connect with business partners, control access to your applications, or comply with security regulations, AccessIQ provides everything in one platform.

## Platform Overview

The following diagram shows how the core pieces of AccessIQ fit together — from your tenant workspace down to the users and applications you manage, with identity providers handling sign-in and access controls governing what each user can do.

```mermaid
graph TD
    T[Tenant Workspace] --> O1[Organizations & Teams]
    O1 --> U[Users]
    U --> A[Applications]

    IDP[Identity Providers] -->|Single Sign-On<br>& Social Login| U

    AC[Access Controls] -->|Roles &<br>Permissions| U
    AC -->|Policies &<br>Feature Flags| A

    U --> AL[Audit Logs]

    style T fill:#4A6FA5,color:#fff
    style O1 fill:#6B8EC2,color:#fff
    style U fill:#7FA7D4,color:#fff
    style A fill:#93BFE5,color:#1a1a1a
    style IDP fill:#E8A838,color:#1a1a1a
    style AC fill:#D4694A,color:#fff
    style AL fill:#6AAB73,color:#fff
```

## Core Capabilities

| Capability                    | Description                                                                                                                                                                       |
| ----------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **User Management**           | Add, invite, organize, and manage users. Support for self-registration, bulk operations, impersonation, and custom user attributes.                                               |
| **Access Control**            | Define roles with granular permissions, build a visual permission matrix, create access policies, and manage emergency (break-glass) access.                                      |
| **Organization Hierarchy**    | Model your company structure with organizations, departments, teams, and customer accounts. Hierarchical Role-Based Access Control (HRBAC) cascades permissions through the tree. |
| **Identity & SSO**            | Connect identity providers (Okta, Azure, Google, SAML, OIDC), configure directory sync via SCIM, set up social login, magic links, and custom authentication journeys.            |
| **Security**                  | Enforce password policies, MFA, bot detection, adaptive authentication, trusted networks and devices, continuous authentication, and security questions.                          |
| **Audit & Compliance**        | Full audit logging of all user and admin actions, audit streaming to external SIEMs, system health monitoring, identity verification, and data export for GDPR compliance.        |
| **Feature Entitlements**      | Feature flag management with projects, environments, rollouts, A/B testing, organization overrides, and SDK integration.                                                          |
| **Developers & Integrations** | OAuth credentials, API playground, webhooks, policy engine, components library, and Agent Guard for AI agent governance.                                                          |
| **B2B & Partners**            | Business application registry, PunchOut catalog integration, and partner connection management.                                                                                   |

## Who Uses AccessIQ

| Role                    | How They Use AccessIQ                                                                                       |
| ----------------------- | ----------------------------------------------------------------------------------------------------------- |
| **IT Administrators**   | Manage user access, configure identity providers, set security policies, and monitor system health          |
| **Security Teams**      | Enforce MFA, review audit logs, investigate incidents, and manage compliance requirements                   |
| **Team Managers**       | Organize users into teams and organizations, assign roles, and manage department-level access               |
| **Developers**          | Integrate AccessIQ into applications via API, SDK, or webhooks; manage feature flags and OAuth credentials  |
| **Compliance Officers** | Run audit reports, configure identity verification, manage data export requests, and review access policies |

## Key Concepts

| Concept                     | What It Means                                                                                                                                                                     |
| --------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Tenant**                  | Your isolated workspace in AccessIQ. All users, settings, and data belong to a tenant. Multi-tenancy ensures complete data isolation between organizations.                       |
| **Organization**            | A company, department, or team within your tenant. Organizations form a hierarchy that controls access scoping. Users can belong to multiple organizations with different roles.  |
| **Role**                    | A named set of permissions that defines what a user can do (e.g., Admin, Manager, Viewer). Roles can be built-in or custom, and can be composed of other roles (composite roles). |
| **Permission**              | A specific action a user is allowed to perform (e.g., `users:read`, `roles:write`, `audit:export`). Permissions are grouped by category and assigned to roles.                    |
| **Identity Provider (IdP)** | An external service (like Okta, Azure AD, or Google) that handles user authentication via SAML or OIDC.                                                                           |
| **Feature Flag**            | A toggle that controls whether a feature is available, with the ability to target specific users, organizations, or percentages for gradual rollouts.                             |
| **HRBAC**                   | Hierarchical Role-Based Access Control — AccessIQ's access model where permissions cascade through the organization hierarchy.                                                    |
| **Agent Guard**             | AccessIQ's AI agent governance module that provides consent management, tool scoping, compliance ledger, and risk monitoring for AI agents.                                       |

## Getting Started

New to AccessIQ? Follow these guides in order:

1. [Setting Up SSO](/accessiq-docs/getting-started/setting-up-sso.md) — Connect your identity provider
2. [Inviting Your First Users](/accessiq-docs/getting-started/inviting-first-users.md) — Add users to your tenant
3. [Logging In with SSO](/accessiq-docs/getting-started/logging-in-with-sso.md) — Guide for end users
4. [Onboarding a Customer](/accessiq-docs/getting-started/onboarding-a-customer.md) — Set up a customer organization
5. [Investigating Security Events](/accessiq-docs/getting-started/investigating-security-events.md) — Monitor and respond to security events
6. [Troubleshooting](/accessiq-docs/getting-started/troubleshooting.md) — Common issues and solutions


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://accessiq.gitbook.io/accessiq-docs/getting-started/readme.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
