ChangeBreeze's role-based permission system provides: Flexibility: Six distinct roles to match your organizational structure Security: Separation of duties and principle of least privilege ITIL Compliance: Roles aligned with ITIL change management best practices Scalability: Works for small teams and large MSPs alike Auditability: Complete logging of all permission-based actions
Enforcing MFA protects your organization by adding a layer of security beyond passwords. Admins can enable it in ChangeBreeze’s Organization settings. SAML-authenticated users may already have MFA via their identity provider and can be excluded from additional enforcement.
This guide walks you through setting up SAML Single Sign-On (SSO) for ChangeBreeze with Entra ID, allowing users to log in automatically using their company credentials. By integrating with your existing identity provider (such as Entra ID), ChangeBreeze can provide a secure and seamless login experience without the need for separate passwords. Once complete, users can access ChangeBreeze instantly through their organization’s sign-in portal, improving both security and convenience.
In a multitenant system with organizational user accounts, permissions are global and apply to all sub-companies within the organization. Any permissions set at the organizational level automatically cascade to the sub-companies. User accounts can have roles set during their creation, with the option to edit these roles later from the User Management page. Editing a user's role will update their role across all companies within the organization, override any custom role settings at the company level, and take effect immediately.
In a multitenant system, sub-company accounts can have user accounts directly attached, typically for customer end users. Permissions can be tailored for these users, such as in the case of an IT team for a sub-customer.