SSO, permissions, and connected-system access

Access in Nomic has several layers. A successful login only proves that the user can enter the tenant; it does not automatically grant access to every project, file, workflow, or integration.

Layer 1: Login

Your organization may use:

• SSO through your company identity provider
• Email login codes
• A pilot invitation flow

If a user cannot log in, first confirm the tenant URL, invited email address, and SSO assignment.

Layer 2: Organization role

Organization roles control tenant administration.

• Admins can manage members, settings, integrations, analytics, and billing.
• Members can use Nomic but cannot manage tenant-wide settings.

Being an organization admin does not override source-system file permissions.

Layer 3: Project access

Project access controls which project workspaces a user can open and what they can do inside them. A user can be a member of the Nomic organization but still not have access to a particular project.

Layer 4: Source-system permissions

For integrations such as SharePoint, Egnyte, or Autodesk Forma, Nomic respects the permissions from the original system. If a user cannot open a file there, they should not expect to use it in Nomic.

Troubleshooting checklist

If a user cannot see what a teammate sees:

1. Confirm both users are in the same Nomic tenant.
2. Confirm both users are members of the relevant project.
3. Confirm the file is synced and indexed.
4. Confirm both users can open the file in the source system.
5. Confirm the workflow or Assistant session includes the same context.

Related

• What Nomic can and cannot see
• IT allowlisting and network access
• I can't access my Nomic instance
• Connect file storage integrations