# Onboarding a Customer

This guide walks through the full process of onboarding a new customer in AccessIQ -- from creating their organization to granting application access and configuring entitlements.

***

## Before You Begin

You need the **Owner** or **Admin** role in your tenant to complete all steps in this guide. If you only manage a specific part of the hierarchy, you can perform steps within your accessible organizations.

***

## Step 1: Create the Organization

Organizations represent companies, divisions, departments, or teams in your hierarchy. Start by creating a top-level organization for your customer.

1. Go to **Org & Acc Management > Org Hierarchy** in the sidebar.
2. Click the **+ New Organization** button in the top-right corner.
3. Fill in the details:
   * **Name** -- The customer's company or department name.
   * **Organization Type** -- Choose from Company, Division, Business Unit, Region, Branch, Department, Cost Center, Practice, Team, Squad, Guild, or Custom.
   * **Parent Organization** -- Select the parent node in your hierarchy, or leave blank for a root-level org.
   * **Description** -- Optional notes about this customer.
4. Click **Create Organization**.

> **Tip:** You can also create child organizations later by clicking the **+** icon next to any existing organization in the tree view.

### What to verify

* The new organization appears in the hierarchy tree under the correct parent.
* The organization type badge displays correctly (e.g., "Company", "Division").
* The user count shows 0 (no users assigned yet).

***

## Step 2: Invite Users to the Organization

Now bring people into the organization by sending invitations.

1. Go to **User Management > Invitations** in the sidebar.
2. Click **Invite User**.
3. In the invitation form:
   * **Email** -- Enter the user's email address.
   * **Role** -- Select the role to assign (e.g., Member, Manager, Admin). The tenant's default role is pre-selected.
   * **Organization** -- Choose the organization you just created.
   * **Identity Provider** -- The primary provider is auto-selected.
4. Click **Send Invitation**.

The user receives an email with a link to accept the invitation and set up their account.

> **Tip:** For onboarding many users at once, click **Bulk Invite** to paste a list of email addresses. All users in the batch receive the same role and organization assignment.

### What to verify

* The invitation appears in the list with a **Pending** status badge.
* The invitation stats at the top of the page update to reflect the new pending count.
* The invited user receives the email (check spam/junk if it does not arrive within a few minutes).
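
Because every address in a **Bulk Invite** batch receives the same role and organization, it is worth vetting the list before pasting it. The following is an added example, not part of AccessIQ or its documentation: `vet_bulk_invite`, the exact-match domain allowlist, and the sample addresses are assumptions made for illustration.

```python
import re

# Deliberately strict shape check for pasted addresses; not a full RFC 5322 parser.
_ADDR = re.compile(r"^[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")


def vet_bulk_invite(raw, allowed_domains):
    """Split a pasted list into addresses to invite and entries needing review.

    Assumption: the customer's users all sit on known mail domains, matched
    exactly (a subdomain or look-alike suffix is sent to review, not accepted).
    """
    allowed = {d.lower() for d in allowed_domains}
    accepted, rejected, seen = [], [], set()
    for token in re.split(r"[\s,;]+", raw.strip()):
        if not token:
            continue
        addr = token.lower()  # compare case-insensitively so duplicates are caught
        if not _ADDR.match(addr):
            rejected.append((token, "malformed"))
        elif addr in seen:
            rejected.append((token, "duplicate"))
        elif addr.rsplit("@", 1)[1] not in allowed:
            rejected.append((token, "outside customer domain"))
        else:
            accepted.append(addr)
        seen.add(addr)
    return accepted, rejected


# Constructed sample input; every address is a placeholder.
SAMPLE = """
alice@customer.example.com
Bob@Customer.Example.com, carol@customer.example.com
alice@customer.example.com
dave@customer.example.com.other.example
eve@@customer.example.com
"""

if __name__ == "__main__":
    ok, review = vet_bulk_invite(SAMPLE, ["customer.example.com"])
    print("\n".join(ok))  # paste this cleaned list into Bulk Invite
    for token, reason in review:
        print(f"REVIEW {token}: {reason}")
```

Entries flagged for review can still be invited one at a time through **Invite User** once the role and organization have been confirmed for that person.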

***

## Step 3: Assign Roles to Users

Roles control what users can see and do within AccessIQ. You can adjust roles after a user accepts their invitation.

1. Go to **Access Control > Roles & Permissions** in the sidebar.
2. Review the available roles and their permissions. Common roles include:
   * **Owner** -- Full control over the tenant.
   * **Admin** -- Manage users, organizations, and settings.
   * **Manager** -- Manage users within assigned organizations.
   * **Member** -- Standard access.
   * **Viewer** -- Read-only access.
3. To change a user's role, go to **User Management > Users**.
4. Find the user in the table (use the search bar or status filter).
5. Click the user's row to view their details, including current roles and organization assignments.

> **Tip:** Use the **Permission Matrix** page (under Access Control) to see a side-by-side comparison of what each role can access.

### What to verify

* The user's role appears correctly on their row in the Users table.
* The user can sign in and see the appropriate sections based on their role.

***

## Step 4: Grant Application Access

Register the applications your customer needs to access, then assign them.

1. Go to **Developers & Integrations > Applications** in the sidebar.
2. If the application does not already exist, click **+ New Application** and fill in:
   * **Name** -- A short identifier (e.g., "customer-portal").
   * **Display Name** -- The name users will see.
   * **Type** -- SaaS, Internal, API, or Custom.
   * **Description** -- What this application does.
   * **Requires Assignment** -- Toggle on if users must be explicitly granted access.
3. Click **Create Application**.
4. To manage which organizations can access the application, expand the application row and configure **Organization Overrides**:
   * Add the customer's organization.
   * Set whether the application is active for that organization.

> **Tip:** Applications with "Requires Assignment" enabled will only be accessible to users whose organization has been explicitly granted access.

### What to verify

* The application appears in the Applications list with the correct type badge (SaaS, Internal, API, or Custom).
* The organization override shows the customer's organization with the expected status.

***

## Step 5: Configure Entitlements

Entitlements let you see which features and access scopes are resolved for the current session.

1. Go to **Home > Entitlements** in the sidebar.
2. This page shows the current session's resolved claims, including:
   * **Roles and Permissions** assigned to the user.
   * **Organization Access** -- which organizations the user can reach.
   * **Feature Flags** -- any feature entitlements resolved from your feature flag projects.
   * **Policy Decisions** -- authorization policy results.
3. Use this page to verify that a user's access is configured correctly after completing the previous steps.

To manage feature-level entitlements for the customer's organization:

1. Go to **Feature Entitlements > Overview** in the sidebar.
2. Review active feature flags and their values.
3. Go to **Feature Entitlements > Projects** to see flags grouped by project.
4. For organization-specific overrides, select a flag and add an override for the customer's organization.

### What to verify

* The Entitlements page shows the expected roles, organizations, and feature flags.
* Any organization-level feature flag overrides are applied correctly.

***

## Step 6: Set Up a Customer Account (Optional)

Customer accounts track billing, contacts, and subscription details tied to an organization.

1. Go to **Org & Acc Management > Customer Accounts** in the sidebar.
2. Click **New Account**.
3. In the account form, fill in:
   * **Name** -- Account display name.
   * **Organization** -- Select the customer's organization.
   * **Account Type** -- Choose from your defined types (e.g., Premium, Standard), or create a new type in the right-hand panel.
   * **Primary Contact** -- Email and phone for the main point of contact.
   * **Billing Details** -- Address and payment information.
   * **Status** -- Active or Inactive.
4. Click **Save**.

### What to verify

* The account appears in the Customer Accounts table linked to the correct organization.
* The account type, primary contact, and status are displayed correctly.

***

## Summary Checklist

| Step | Where to Go                              | What You Did                                   |
| ---- | ---------------------------------------- | ---------------------------------------------- |
| 1    | Org & Acc Management > Org Hierarchy     | Created the customer's organization            |
| 2    | User Management > Invitations            | Invited users to the organization              |
| 3    | Access Control > Roles & Permissions     | Verified or adjusted user roles                |
| 4    | Developers & Integrations > Applications | Registered applications and granted org access |
| 5    | Home > Entitlements                      | Verified resolved entitlements                 |
| 6    | Org & Acc Management > Customer Accounts | Created a customer account (optional)          |

***

## What's Next

* [Set up SSO for your customer](/accessiq-docs/getting-started/setting-up-sso.md) so users can sign in with their corporate credentials.
* [Review audit logs](/accessiq-docs/getting-started/investigating-security-events.md) to monitor onboarding activity.
* [Configure branding](https://github.com/AccessIQ-app/Identia/blob/main/docs/product-guide/workspace/branding.md) to customize the login experience for your customer.


