Access Control
Manage who can access what in WizChat.
Access Control Model
WizChat uses Role-Based Access Control (RBAC) at multiple levels:
- Account level - Who can access your account
- Team level - Who can access team resources
- Chatbot level - Who can access specific chatbots
- Document level - Who can access specific documents
Account Access
Single Sign-On (SSO)
Business plans can enable SSO:
- SAML 2.0
- Google Workspace
- Microsoft Azure AD
- Okta
Multi-Factor Authentication (MFA)
Enable MFA for additional security:
- Go to "Profile" > "Security"
- Click "Enable MFA"
- Scan the QR code with an authenticator app
- Enter verification code
- Save backup codes
Team Access
See Roles & Permissions for details.
| Role | Access Level |
|---|---|
| Owner | Full access, billing |
| Admin | Manage team, chatbots |
| Member | Use shared chatbots |
Chatbot Access
Control who can access each chatbot:
| Level | Who |
|---|---|
| Owner only | Just the chatbot owner |
| Team | All team members |
| Specific people | Invited individuals |
See Sharing Chatbots for details.
Document Access
Control access to individual documents:
| Level | Description |
|---|---|
| Public | All chatbot users |
| Authenticated | Logged-in users only |
| Restricted | Specific email addresses |
See Document Access Control for details.
API Access
API Key Permissions
When creating API keys, set permissions:
- Read-only
- Read-write
- Full access
IP Allowlisting
Restrict API access to specific IPs:
- Go to "Settings" > "API"
- Click "IP Restrictions"
- Add allowed IP addresses
- Click "Save"
Session Management
Active Sessions
View and manage active sessions:
- Go to "Profile" > "Security"
- Click "Active Sessions"
- See all logged-in devices
- Revoke sessions as needed
Session Timeout
Configure session timeout:
- Default: 30 days
- Configurable per account
- Immediate logout option
Audit Trail
Business plans include audit logs:
- Who accessed what
- When access occurred
- What actions were taken
To view the audit logs:
- Go to "Settings" > "Security"
- Click "Audit Log"
- Filter and search events
Best Practices
Principle of Least Privilege
- Grant minimum necessary access
- Review permissions regularly
- Revoke unused access
Regular Reviews
- Audit team members monthly
- Review API key usage
- Check shared chatbot access
Secure Practices
- Enable MFA for all users
- Use SSO where possible
- Rotate API keys regularly