At a glance
- Workspace boundary: data access is scoped to a workspace; users only see workspaces they belong to.
- Roles: roles control administrative actions such as integrations, billing, and member management.
- Archived workspaces: archived workspaces are removed from selection and cannot be activated.
- Session security: sessions use secure, HTTP-only cookies with CSRF protection on state-changing requests.
Core concepts
Access to Workplace.io is governed by a combination of identity (who you are), workspace membership (which organizations you
belong to), and role-based permissions (what you can do inside a workspace).
- Identity: users authenticate via SSO or email/password.
- Membership: membership ties a user to a workspace.
- Authorization: roles determine which settings and actions are permitted.
Workspace isolation
Workplace.io is organized around workspaces. Each workspace is a tenant boundary for data access and administration.
Users only have access to data for workspaces where they are members.
- Scoped views: dashboards, insights, and settings are scoped to the active workspace.
- Membership required: users cannot access a workspace unless they have an explicit membership.
- Archive behavior: archiving a workspace disables access without deleting underlying data.
Roles and permissions
Roles control which users can manage sensitive settings. Typical capabilities are summarized below. Exact permissions may
evolve as the product develops, but the guiding principle is least privilege.
- Owner/Admin: can manage integrations, billing, members/roles, and high-impact settings (including archiving a workspace).
- User/Member: can access standard dashboards and features allowed by the workspace configuration.
- Viewer: read-only access to dashboards and reports, without administrative permissions.
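The checks described above (explicit membership, archive state, then role) can be combined into one deny-by-default decision. This is an added sketch, not Workplace.io's own code; the action names, the `authorize` function, the sample data, and the assumption that an archived workspace denies every action are illustrative.

```python
from dataclasses import dataclass
from enum import Enum


class Role(Enum):
    VIEWER = "viewer"
    MEMBER = "member"
    ADMIN = "admin"
    OWNER = "owner"


# Hypothetical action names; the split mirrors the role list above.
READ = frozenset({"view_dashboard", "view_report"})
STANDARD = READ | {"use_feature"}
ADMINISTRATIVE = frozenset(
    {"manage_integrations", "manage_billing", "manage_members", "archive_workspace"}
)
GRANTS = {
    Role.VIEWER: READ,
    Role.MEMBER: STANDARD,
    Role.ADMIN: STANDARD | ADMINISTRATIVE,
    Role.OWNER: STANDARD | ADMINISTRATIVE,
}


@dataclass(frozen=True)
class Workspace:
    id: str
    archived: bool = False


def authorize(user_id, workspace, action, memberships):
    """Return (allowed, reason); memberships maps (user_id, workspace_id) -> Role."""
    role = memberships.get((user_id, workspace.id))
    # Membership is checked first so a non-member learns nothing about workspace state.
    if role is None:
        return False, "not_a_member"
    # Assumption: archiving blocks every action, including for owners.
    if workspace.archived:
        return False, "workspace_archived"
    # Unknown actions fall through to a denial: nothing is allowed unless granted.
    if action not in GRANTS.get(role, frozenset()):
        return False, "role_lacks_permission"
    return True, "ok"


# Constructed sample data for the example.
MEMBERSHIPS = {
    ("alice", "ws-1"): Role.OWNER,
    ("bob", "ws-1"): Role.VIEWER,
    ("alice", "ws-old"): Role.OWNER,
}
```

Returning a reason code alongside the decision lets denials be written to operational logs without recording any workspace content.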
Recommended practice
Limit administrative roles to a small set of trusted operators. Use SSO and enforce MFA in your identity provider where possible.
Integration administration
Connecting data sources is a privileged action. Only authorized roles can connect, disconnect, or change integration settings.
Integration credentials are protected and access-restricted to the services that require them.
- Slack / Microsoft Teams: workspace admins authorize integrations via OAuth.
- Credential protection: integration credentials are restricted to synchronization and processing services.
- Disconnect: disabling an integration stops future synchronization.
Reporting access and aggregation
Workplace.io is designed for organizational insight. Reporting is structured to emphasize aggregated results and trends.
Customers can use groups to structure analysis, and we encourage configurations that reduce the risk of identifying individuals.
- Groups: used to scope reporting and comparisons.
- Anonymity considerations: configurations may limit visibility for very small groups to reduce identification risk.
- Short-lived message content: message content is processed briefly and removed; results are retained as metadata.
Administrative actions and auditability
Administrative actions (such as changing roles, connecting integrations, or archiving a workspace) are limited to authorized roles.
We maintain operational logs to support troubleshooting and incident investigation, and we minimize sensitive content in logs.
Session controls
We use standard web session protections to reduce risk from session theft or cross-site request attacks.
- Cookies: secure, HTTP-only session cookies.
- CSRF protection: enforced on state-changing requests.
- Sign-out: sign-out invalidates active sessions.