Admin & Governance Guide | My AI Front Desk

Role & Permission Matrix

Four built-in roles with granular permissions. Each role controls what a user can view, listen to, export, edit, and manage.

Permission	IT Admin	Supervisor	Analyst	Agent
View call logs / metadata	Yes	Yes	Yes	Yes
View transcripts	Yes	Yes	Yes	No
Listen to recordings	Yes	Yes	No	No
Download / export recordings	Yes	No	No	No
Delete call records	Yes	No	No	No
Change recording settings	Yes	No	No	No
Edit knowledge base / AI scripts	Yes	Yes	No	No
Manage integrations (CRM, webhooks)	Yes	No	No	No
Change retention settings	Yes	No	No	No
Manage users / assign roles	Yes	No	No	No
Change routing / transfer rules	Yes	Yes	No	No
View analytics dashboard	Yes	Yes	Yes	No
Export audit logs	Yes	No	No	No

Separation of Duties Examples

IT Admin vs Supervisor

IT Admin manages integrations, retention, recording settings, and user roles. Supervisor manages knowledge base, routing rules, and reviews call transcripts. Neither role overlaps unnecessarily.

Supervisor vs Analyst

Supervisor can view transcripts and listen to recordings. Analyst can view call metadata and analytics but cannot access transcript text or audio. This supports audit-compliant access control.

Agent (Read-Only)

Agents see their own call logs and metadata. They cannot view transcripts, listen to recordings, or modify any system settings.

Offboarding a User

When a user is removed from your identity provider (via SCIM), their My AI Front Desk access is revoked immediately. No manual deactivation needed.

How Offboarding Works

User removed from IdP — When you remove a user from Okta, Azure AD, or your SCIM-connected identity provider.
SCIM deprovisioning — SCIM sends a deprovisioning event to My AI Front Desk within seconds.
Access revoked — User loses all access immediately. Active sessions are terminated.
Audit logged — The deprovisioning event is logged in audit logs with timestamp and admin context.

Sample Audit Log Events

2024-03-10 09:15:22  login                     user: admin@company.com logged in via Okta SSO
2024-03-10 09:20:01  transcript_view           user: supervisor@company.com viewed transcript for call_xyz789
2024-03-10 10:05:30  recording_download        user: admin@company.com exported recording for call_xyz789
2024-03-10 11:30:15  knowledge_base_edit       user: supervisor@company.com updated FAQ: pricing section
2024-03-10 14:00:44  retention_policy_change   user: admin@company.com set audio retention to 60 days
2024-03-10 16:22:10  user_deprovisioned        SCIM: removed former.employee@company.com — all access revoked
2024-03-10 16:22:11  session_terminated        Active session for former.employee@company.com terminated

Frequently Asked Questions

Can a supervisor see transcripts but not change routing?

Yes. Supervisor role has read access to transcripts and can edit knowledge base, but cannot change integrations, retention, or user roles.

Can an analyst see call data without hearing recordings?

Yes. Analyst role can view call metadata and analytics but cannot access transcript text or play/download audio.

What events are captured in audit logs?

Login, transcript views, recording plays, recording downloads, knowledge base edits, retention policy changes, role changes, and user provisioning/deprovisioning.

Can we export audit logs?

Yes. Audit logs can be exported via dashboard and API. SIEM streaming available on enterprise plans.

How does user offboarding work?

When removed from your identity provider via SCIM, the user's access is revoked immediately and active sessions are terminated. The event is audit-logged.

Is My AI Front Desk visitor kiosk software?

No. My AI Front Desk is an AI phone receptionist, not a visitor management or kiosk system.