Documentation

Managing Global User Permissions for Organizational Accounts

Authentication
Updated Nov 20, 2025

Organisational user accounts are global, meaning that in a multitenant setup they automatically receive the same permissions across all sub-companies. Any permissions assigned at the organisational level will cascade down to each sub-company.

Permission are set in two places.

  1. When the user account is being created.


    The default Role selection can be made.
  2. You can edit a user to adjust permissions from the User Management page. Find the user then select edit under the actions drop down.

 

Note: Changing the default role will:

  • Update this user's role in ALL companies within the organisation
  • Override any custom role assignments made at the company level
  • Take effect immediately across all active companies

 

 

Previous

How to setup SAML authentication with Microsoft Entra
Next

Managing Global User Permissions for Sub Company / Tenant Accounts

Related Articles

Authentication

Account Permissions

ChangeBreeze's role-based permission system provides: Flexibility: Six distinct roles to match your organizational structure Security: Separation of duties and principle of least privilege ITIL Compliance: Roles aligned with ITIL change management best practices Scalability: Works for small teams and large MSPs alike Auditability: Complete logging of all permission-based actions
Authentication

Enforcing Multi-Factor Authentication for All Users

Enforcing MFA protects your organization by adding a layer of security beyond passwords. Admins can enable it in ChangeBreeze’s Organization settings. SAML-authenticated users may already have MFA via their identity provider and can be excluded from additional enforcement.
Authentication

How to enable MFA for local accounts

Steps to Enable Multi-Factor Authentication (MFA) for Enhanced Account Security
Authentication

How to setup SAML authentication with Microsoft Entra

This guide walks you through setting up SAML Single Sign-On (SSO) for ChangeBreeze with Entra ID, allowing users to log in automatically using their company credentials. By integrating with your existing identity provider (such as Entra ID), ChangeBreeze can provide a secure and seamless login experience without the need for separate passwords. Once complete, users can access ChangeBreeze instantly through their organization’s sign-in portal, improving both security and convenience.
Authentication

Managing Global User Permissions for Sub Company / Tenant Accounts

In a multitenant system, sub-company accounts can have user accounts directly attached, typically for customer end users. Permissions can be tailored for these users, such as in the case of an IT team for a sub-customer.