Roles and SSO
Document access governance using this structure.
Default roles
| Role | Permissions summary | Typical users |
|---|---|---|
| Admin | Manage billing, policies, integrations | Program owners, compliance leads |
| Analyst | Create projects, upload evidence | Finance or R&D analysts |
| Approver | Review and sign off claims | Controllers, executives |
| Viewer | Read-only access to reports | Advisors, auditors |
SSO configuration steps
- Gather IdP metadata (SAML or OIDC) — Collect metadata from your Identity Provider.
- Add Radley Tax as a new application in your IdP — Configure Radley Tax in your IdP settings.
- Upload IdP metadata into Admin → Authentication — Provide the gathered metadata to Radley Tax.
- Map IdP groups to Radley roles — Ensure correct role mapping for access control.
Best practices
- Rotate SAML certificates 30 days before expiry — Maintain up-to-date certificates for security.
- Use SCIM to automate provisioning and deprovisioning — Streamline user management processes.
- Audit access quarterly and document results in the compliance tracker — Regularly review and record access permissions.
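A quarterly audit can be scripted as a comparison between IdP group membership and the roles users actually hold, which also checks the group-to-role mapping from the SSO steps. This is an added example, not Radley Tax code: the group names, the export shapes, and the finding labels are assumptions, and the sample data is constructed.

```python
# Default roles from the table above.
ROLES = {"Admin", "Analyst", "Approver", "Viewer"}

# Hypothetical IdP group names; replace with the groups mapped in your IdP.
GROUP_TO_ROLE = {
    "radley-admins": "Admin",
    "radley-analysts": "Analyst",
    "radley-approvers": "Approver",
    "radley-viewers": "Viewer",
}

def audit_access(idp_users, app_users, group_to_role=GROUP_TO_ROLE):
    """Compare IdP groups ({email: set of groups}) with assigned roles
    ({email: role}). Returns (email, finding, detail) tuples sorted by email."""
    unknown = sorted(set(group_to_role.values()) - ROLES)
    if unknown:
        raise ValueError(f"mapping targets unknown roles: {unknown}")
    findings = []
    for email, role in sorted(app_users.items()):
        if email not in idp_users:
            # Account survived removal from the IdP: a deprovisioning gap.
            findings.append((email, "orphaned", f"holds {role}, absent from IdP"))
            continue
        entitled = sorted({group_to_role[g] for g in idp_users[email]
                           if g in group_to_role})
        if not entitled:
            findings.append((email, "unjustified", f"holds {role}, no mapped group"))
        elif role not in entitled:
            findings.append((email, "drift", f"holds {role}, groups grant {entitled}"))
        elif len(entitled) > 1:
            # More than one mapped group: the resulting role is ambiguous.
            findings.append((email, "ambiguous", f"groups grant {entitled}"))
    return findings

# Constructed sample exports (not real users).
IDP_USERS = {
    "ana@example.com": {"radley-analysts"},
    "bo@example.com": {"radley-viewers"},
    "cy@example.com": {"radley-analysts", "radley-approvers"},
    "di@example.com": {"engineering"},
}
APP_USERS = {"ana@example.com": "Analyst", "bo@example.com": "Admin",
             "cy@example.com": "Approver", "di@example.com": "Viewer",
             "ex@example.com": "Admin"}

if __name__ == "__main__":
    for email, finding, detail in audit_access(IDP_USERS, APP_USERS):
        print(f"{finding:12} {email:18} {detail}")
```

The findings list is what gets recorded in the compliance tracker; an empty list means every assigned role is backed by exactly one mapped group.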
⚠️ Warning
Use this callout for emergency access guidance, break-glass accounts, or incident response notes.