WorkLLM uses role-based access control to define what each person in your organization can see and do. You assign a role when you invite someone to your workspace, and Admins can change roles at any time.Documentation Index
Fetch the complete documentation index at: https://workllm.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
Roles
WorkLLM has two roles: Admin & MemberRole descriptions
Admin — Full access to your WorkLLM workspace, including all AI features, organization settings, billing, integrations, and security configuration. Admins can manage every aspect of membership and see all reports and audit logs. Assign this role to workspace owners and IT administrators. Member — Standard access to all AI features. Members can create and use threads, tools, assistants, and agents. They cannot access administrative settings, billing, or audit logs. This is the appropriate role for most people in your organization.Inviting members
Enter the email address
Type the email address of the person you want to invite. You can enter multiple addresses separated by commas to invite several people at once.
Managing pending invitations
Invitations that have been sent but not yet accepted appear under Settings → Members → Pending Invitations. From there you can:- Resend an invitation if the original email was missed or expired
- Revoke a pending invitation to cancel access before the invitee joins
Changing a member’s role
Find the member
Locate the person whose role you want to change. Use the search field to filter by name or email.
Open the role menu
Click the role badge next to their name (for example, Member) to open the role dropdown.
Revoking access
To remove a member from your workspace:
Removing a member immediately revokes their access to your workspace. Their past contributions — threads they created and prompts they wrote — remain in your workspace and are not deleted. If you need to delete their content, you must do so separately before or after removing them.
Single sign-on (SSO)
WorkLLM supports SSO so your team can authenticate using your existing identity provider, and you can enforce your organization’s authentication policies — including MFA — through that provider.Google SSO
Google SSO is available on all plans and requires no configuration on WorkLLM’s side. Members can sign in with Sign in with Google on the login page. If your Google Workspace account uses MFA, that requirement is enforced through Google’s authentication flow.SAML SSO (Enterprise Plans Only - Coming Soon)
Enterprise plans can configure SAML 2.0 SSO with any compatible identity provider, including Okta, Microsoft Entra ID (formerly Azure AD), OneLogin, and others. To enable SAML SSO for your organization:Contact WorkLLM
Email info@workllm.io with the subject line “SAML SSO configuration” and include your organization name and the identity provider you’re using.
Receive your SAML configuration
WorkLLM will provide you with the Service Provider (SP) metadata, including the ACS URL and Entity ID, needed to configure your identity provider.
Configure your identity provider
In your identity provider’s admin console, create a new SAML application using the SP metadata WorkLLM provides. Assign the application to the users who should have access to WorkLLM.
When SAML SSO is enabled, members who try to sign in with email and password or Google SSO will be redirected to your identity provider. You can configure whether non-SSO login methods remain available as a fallback during the setup process.