User Access Control

With the VGS Resource Access Management (RAM) solution, you can specify who can access your Organization and its resources (Vaults), centrally manage fine-grained permissions, and analyze access to refine permissions across VGS.

Inviting Organization members

VGS provides multiple permission levels designed for different use cases, applicable to both the Organization and its Vaults. You can manage your organization members and user roles by going to the Organization Settings > User Access Control panel.

You can invite multiple team members to access your VGS Organization and assign roles to them when they are invited. Roles protect your sensitive information and restrict the actions team members can perform on your Organization and its resources (Vaults). See the detailed list of what each role can and can't do before assigning the role to an organization member.

You can invite members individually, or invite multiple users at the same time by separating their email addresses with a comma or space. You can also assign multiple roles to an organization member, which gives them the combined set of permissions granted by those roles. Invites to your VGS organization expire after 7 days.

You can edit a team member's roles at any time from your organization's User Access Control page. Click the overflow menu, then click Edit to edit their roles.

User Roles

Give your users controlled access to your VGS Organization.

Organization roles

Roles for Organization users:

Admin: Users with full access to the Organization and its resources, including sensitive and destructive actions like managing and deleting vaults and applications.

User: Users who actively work on Organization resources (Vaults).

Below is a detailed table of the permissions each user may have access to based on their Organization-level role:

Organization action
User
Admin

View Organization details

View my resources (Vaults)

Create new resources (Vaults)

Manage resource users (add, edit roles, revoke access)

View own permissions on resources

Update Organization details (Org name)

Manage Organization users (invite, edit roles, remove)

Manage (view, create, delete) service accounts via CLI tool

Manage authentication settings (SSO, MFA)

Activate Organization

View Usage Reports

Vault roles

Roles for Vault users:

Admin: Users with full administrative access to the vault and its routes, including permissions to delete the vault and its routes.

Write: Users with write access to vault settings and routes.

Read: Users with view access to vault settings and routes.

Below is a detailed table of the permissions each user may have access to based on their Vault-level role:

Vault action
Read
Write
Admin

View list of Vaults

Create Vaults

View list of Routes

Create, edit and remove Routes

Manage Vault Settings (Access Credential, mTLS, CNames, Preferences)

View Logs

View Developer Resources

View Integration templates

Apply integration template to a Route

Manage Vault users (add, edit permissions, remove from Vault)

VGS Support account

For debugging purposes, you can grant the VGS Support team access to your organization.

Authentication Settings

This section is available only for users with admin rights. It allows changing authentication settings for users that are members of the current organization.

Require MFA

If enabled, all members of this organization must have MFA configured. The exception is organizations that require single sign-on (SSO).

When a user joins an organization that has this requirement enabled, the system updates the user's MFA preferences according to the policy.

Users cannot modify MFA under User Profile Settings if one is required on the organization level.

NOTE: If the "Require MFA" setting is disabled, a user's MFA configuration remains in place, but they can remove it via User Profile Settings.

Require Password Change

If set, the system requires users of this organization to update their passwords every 90 days. Users whose password has expired are forced to update it during sign-in.

The sign-in page starts notifying users about the password change 14 days before the expiration, but users can skip it.
