Skip to main content
Every partner program runs on trust, and trust starts with access. Decide exactly what your internal team can do, what each partner’s people can do, and how everyone signs in, all configured by your team without engineering.

What this area does

Access and security covers two capabilities. Team management is where you invite your internal team, assign roles built from clear permission categories, and limit users to the partners they own. It is also where you define partner team roles and assign the people who manage each partner. Single sign-on lets your own team and your partners log in through your identity provider, so access follows your existing security policies. Both are configured by partner operations and admins directly, with no code, and the permissions you set apply consistently across every surface a user touches.

Why it matters

  • Low total cost of ownership - Roles, permissions, and SSO are configured by your team, not engineering.
  • CRM-native - Partner and visitor access is scoped to the CRM-synced data each partner owns, and no external user ever needs a CRM seat, so the CRM admin keeps control of who can reach which records.
  • Trust and accuracy - The right people see the right data, and sign-in follows your security policy.
These permissions also scope Introw’s AI agents. When an assistant connects over MCP, its data access follows the signed-in user’s partner scope - a partner’s assistant reaches only that partner’s data. What an agent may do on its own is governed by a vendor-configured capability matrix, with sensitive actions kept behind human approval.

How it fits together

Sign-in and roles govern every surface a user touches, including AI agents:

Capabilities

Team Management

Internal roles, permissions, and partner team roles.

Single Sign-On

SAML sign-in for your team and your partners.

Who works in this area

CRM Administrator

Owns identity, access, and security policy.

Partner Operations

Configures roles and partner team access.

Headless

All guides

Set up internal SSO for your team

Connect your identity provider, map SAML attributes to user fields, set a default role, and switch your team to single sign-on.

Set up portal SSO for partners

Let partners sign in to your portal through their own identity provider with SAML, using your portal’s service provider URLs and the SSO-only login switch.

Access multiple organisations

Use one Introw login to create, join, and switch between multiple independent organisations, with data kept strictly siloed.

Create an internal role

Build a reusable role from permission categories, choose an access type, optionally scope it to a user’s assigned partners, then set notifications and assign users.

Invite a team member

Add a colleague to your team in the right role, understand paying vs CRM-only seats, and manage their status from invited through active.

Set up partner team roles

Define the roles people hold on a partner, sync them to your CRM as a single owner or a multi-member field, and assign people one at a time or in bulk.