Roles & Permissions Matrix
Four built-in roles with granular permissions, each role controls what a user can view, play, export, edit, and manage.
| Permission | Admin | Supervisor | Analyst | Agent |
|---|---|---|---|---|
| View call logs / metadata | Yes | Yes | Yes | Yes |
| View transcripts | Yes | Yes | Yes | No |
| Play audio recordings | Yes | Yes | No | No |
| Download / export recordings | Yes | No | No | No |
| Delete call records | Yes | No | No | No |
| Change recording settings | Yes | No | No | No |
| Edit knowledge base / scripts | Yes | Yes | No | No |
| Manage integrations | Yes | No | No | No |
| Change retention settings | Yes | No | No | No |
| Manage users / roles | Yes | No | No | No |
| View analytics dashboard | Yes | Yes | Yes | No |
SSO & Identity Management
Enterprise-grade identity integration for centralized authentication and automated user lifecycle management.
- SAML 2.0 SSO, Supported on Enterprise plan. Connect your identity provider (Okta, Azure AD, Google Workspace, etc.).
- OIDC SSO, OpenID Connect supported on Enterprise plan.
- SCIM provisioning, Automated user provisioning and deprovisioning via SCIM 2.0 on Enterprise plan.
- Enforce SSO-only, Yes. You can disable password login and enforce SSO-only access on Enterprise plan.
- Offboarding, When a user is removed from your IdP, access is revoked immediately via SCIM.
Audit Log Events (Sample Entries)
2024-01-15 09:31:22 transcript_view user: jane@company.com viewed transcript for call_abc123 2024-01-15 09:45:10 recording_play user: jane@company.com played recording for call_abc123 2024-01-15 10:02:44 recording_download user: admin@company.com downloaded recording for call_abc123 2024-01-15 14:15:03 retention_policy_change user: admin@company.com changed retention from 90 to 60 days 2024-01-15 16:30:00 role_change user: admin@company.com changed jane@company.com role from Agent to Supervisor 2024-01-16 08:00:15 knowledge_base_edit user: supervisor@company.com updated FAQ entry: business hours 2024-01-16 11:22:33 user_deprovisioned SCIM: removed user former@company.com, access revoked
Audit Log Export
Audit logs can be exported via the admin dashboard or API. For enterprise customers requiring SIEM integration, audit events can be streamed to your security information and event management platform. Contact sales for SIEM integration details.
Frequently Asked Questions
Can an office manager see transcripts but not audio?
Yes. The Supervisor role can view transcripts but not play or download audio recordings. Permissions are granular per role.
Do you have audit logs?
Yes. My AI Front Desk logs all access events: transcript views, recording plays, downloads, policy changes, role changes, and user provisioning/deprovisioning.
Can audit logs be exported to SIEM?
Yes. Audit log export is available via dashboard and API. SIEM streaming is available on enterprise plans.
Do you support SSO?
Yes. SAML 2.0 and OIDC SSO on Enterprise plan. You can enforce SSO-only and disable password login.
What about SCIM?
SCIM 2.0 provisioning is supported on Enterprise plan for automated user lifecycle management.
Can I enforce SSO-only and disable password login?
Yes. Enterprise plan supports enforcing SSO-only access.
How does offboarding work?
When a user is removed from your identity provider, SCIM immediately revokes their My AI Front Desk access.