Transcend allows for hyper-specific access control to restrict what your organization
members can or cannot do on your organization's Transcend account. Every route that we expose has the ability to be managed from the Member Scopes tab →. This means the administrator of your account can dictate which views the users in your transcend account can see, as well as which changes they can make. We call these access controls
Scope Tip: "This is a configurable scope!"
Throughout these docs, we will indicate when a section is referring to some set of scopes. Look for messages like this to determine how you can configure access control for certain features.
We break down every view we show, and action we allow into
scopes. An administrator of your Transcend account can assign these
scopes to individual
members, or to
teams of members within your organization.
Scopes can also be assigned to API keys. The API keys can be given that same privileges as any
member in your organization.
You can manage the assignment of "Scopes" on the Member Scopes → tab.
Every employee, partner, or person that should have a login to your Transcend account is known as a
member. By default, each
member has no
scopes. They cannot see any incoming Requests or private configurations for your organization. The only changes they can make are to their personal account settings.
You can manage and invite new "Users" on the Users and Scopes → tab.
Typically, groups of
members should be assigned the same set of
scopes. For this reason, we allow you to create
teams of members, and assign scopes to everyone in that team. If you remove a member from a team, that member will lose the scopes it had from that team unless the member was also individually assigned those scopes.
You can manage and create new "Teams" on the Users and Scopes → tab.
When one of your employees logs into Transcend for the first time using their SSO login, if you expose some certain attributes to Transcend, the employee will be assigned to the Transcend team when their account is created, thus giving them a specific set of scopes by default.
You can enable the following SSO attribute mappings:
Updated 6 days ago