SSO, permissions, and connected-system access
Access in Nomic has several layers. A successful login only proves that the user can enter the tenant; it does not automatically grant access to every project, file, workflow, or integration.
Layer 1: Login
Your organization may use:
- SSO through your company identity provider
- Email login codes
- A pilot invitation flow
If a user cannot log in, first confirm the tenant URL, invited email address, and SSO assignment.
Set up SSO for your tenant
Organization admins can start SSO setup from Admin → Settings → Privacy & auth. The setup has two steps:
- Verify your domain so Nomic can confirm the domain belongs to your organization.
- Connect your SSO provider such as Okta, Microsoft Entra ID, Google Workspace, or another SAML identity provider.
If your IT team asks for vendor SSO metadata, share the setup screen with them or contact Nomic Support. Nomic can provide the entity ID, redirect URL, or XML metadata your identity provider needs.
Layer 2: Organization role
Organization roles control tenant administration.
- Admins can manage members, settings, integrations, analytics, and billing.
- Members can use Nomic but cannot manage tenant-wide settings.
Being an organization admin does not override source-system file permissions.
Layer 3: Project access
Project access controls which project workspaces a user can open and what they can do inside them. A user can be a member of the Nomic organization but still not have access to a particular project.
Layer 4: Source-system permissions
For integrations such as SharePoint, Egnyte, or Autodesk Forma, Nomic respects the permissions from the original system. If a user cannot open a file there, they should not expect to use it in Nomic.
Troubleshooting checklist
If a user cannot see what a teammate sees:
- Confirm both users are in the same Nomic tenant.
- Confirm both users are members of the relevant project.
- Confirm the file is synced and indexed.
- Confirm both users can open the file in the source system.
- Confirm the workflow or Assistant session includes the same context.