← Home

administration

Articles (2)

FAQs (4)

Can admins restrict models and integrations?

Yes. Administrators have full control over which models are available, which integrations are enabled, and who can access shared documents. Here is a summary of each control area.

Restricting model access

Admins can control which models appear in the model selector for standard users:

  1. Navigate to Admin Panel > Settings > Models.
  2. Set each model's Visibility to one of:
    • All users -- the model appears for everyone.
    • Admins only -- the model is hidden from standard users.

Models set to "Admins only" do not appear in the model selector for non-admin users. This is useful for limiting access to expensive models or models still being evaluated.

For details on adding and configuring model providers, see Adding Custom Model Providers.

Disabling integrations and chat features

Admins can toggle specific features on or off for all non-admin users:

  1. Navigate to Admin Panel > Settings > Interface.
  2. Toggle any of the following:
    • Web search -- allow or block users from enabling web search in conversations.
    • Image generation -- allow or block image generation requests.
    • Code execution -- allow or block sandboxed code execution.
    • File uploads in chat -- allow or block file attachments in messages.

Disabled features are hidden from the interface entirely -- users do not see them at all.

Tool integrations are managed separately under Workspace > Tools. Only admins can create, edit, or delete tools and configure tool integrations (valves). Standard users can only use tools that have been assigned to their assistants.

For details on building and managing tools, see Building Custom Tool Integrations.

Controlling document access

Admins control who can upload documents to the shared knowledge base:

  1. Navigate to Admin Panel > Settings > Knowledge Base.
  2. Under Shared uploads, choose:
    • Allow all users -- any user can upload to shared collections.
    • Admins only -- only admins can add to shared collections. Users can still upload to their personal workspace.

Admins can also delete any user's uploaded documents and manage knowledge base collections. Standard users can only delete their own uploads.

For the full permission breakdown, see Managing User Roles and Permissions.

Quick reference

Control Where to configure Options
Model visibility Admin Panel > Settings > Models All users, Admins only
Chat features Admin Panel > Settings > Interface Toggle per feature
Tool management Workspace > Tools Admin-only by default
Shared KB uploads Admin Panel > Settings > Knowledge Base All users, Admins only
Document deletion Admin Panel > Knowledge Base Admins can delete any; users delete own
Can admins see user chats?

Yes. Administrators can view all conversations within your organization. This access exists for compliance, auditing, and user support purposes.

What admins can see

Administrators have access to:

  • Full conversation history -- every message in every conversation for all users in the organization, including prompts and AI responses.
  • Conversation metadata -- titles, timestamps, model selection, and session identifiers.
  • Uploaded documents -- files uploaded to knowledge bases or attached to conversations.

Regular users cannot see other users' conversations. Only accounts with the Admin role have cross-user visibility.

How admins access conversations

Administrators view conversations through the Admin Panel:

  1. Go to Admin Panel > Users.
  2. Select the user whose conversations you want to review.
  3. Click Conversations to see their full chat history.

Conversation metadata is also visible in the analytics dashboard under Admin Panel > Analytics.

Exporting conversations

Administrators can export conversation data for compliance or record-keeping:

  • Single user export -- from the Admin Panel, select a user and choose Export Conversations. Available formats: Markdown, PDF, Plain Text.
  • Bulk export -- use the Admin Panel or the API to export conversation data across multiple users. This is useful for compliance audits, GDPR data subject access requests, or internal reviews.
  • Audit log export -- export activity logs that show conversation events (creation, deletion, export) alongside other user actions.

Individual users can export their own conversations from the chat interface. See Can I search and export past chats? for details.

Admin access is logged

Every time an administrator views or exports another user's conversations, the action is recorded in the audit trail. These audit entries include:

  • Which administrator accessed the data
  • Which user's conversations were viewed
  • When the access occurred
  • What action was taken (view, export, delete)

This ensures accountability and supports compliance requirements like SOC 2 and GDPR. See How to Audit User Activity for details on reviewing audit logs.

Data retention and deletion

Administrators control how long conversation data is kept through configurable retention policies. When a retention period expires, conversations are permanently deleted. Administrators can also manually delete specific conversations or request full data deletion for a user account.

See Configuring Data Retention Policies for setup instructions.

Related articles

Does SecureAI support Google, Microsoft, Okta, or Auth0 login?

Yes. SecureAI supports single sign-on (SSO) with all major identity providers, including Google Workspace, Microsoft Azure AD (Entra ID), Okta, and Auth0. Two protocols are supported:

Protocol Compatible providers
SAML 2.0 Okta, Azure AD, Auth0, OneLogin, PingFederate, and any SAML 2.0-compliant IdP
OIDC (OpenID Connect) Google Workspace, Okta, Azure AD, Auth0, Keycloak, and any OIDC-compliant IdP

How it works

When SSO is configured, users sign in through your organization's identity provider instead of managing a separate SecureAI password. Your existing access policies, MFA requirements, and session controls all apply automatically.

Setting it up

An administrator configures SSO in the SecureAI admin panel. The process involves registering SecureAI as an application in your identity provider and entering the connection details in SecureAI.

Most providers support both protocols. Choose OIDC if your provider supports it — it is simpler to configure.

Local accounts

If your organization does not use SSO, users can sign in with an email and password. Local accounts and SSO can coexist — for example, an admin might keep a local account as a fallback while all other users sign in through SSO.

Related

What user roles exist in SecureAI?

SecureAI has three built-in roles: User, Admin, and Pending. Every account is assigned exactly one role, which controls what that person can see and do in the platform.

The three roles

User

The standard role for everyone who uses SecureAI day-to-day. Users can:

  • Start and continue conversations with any available AI model.
  • Upload documents to their personal workspace and search the shared knowledge base.
  • Use assigned tools and assistants, and create personal assistants.
  • Share conversations with other users.
  • Manage their own profile, password, and API keys.

Users cannot access the Admin Panel or see other users' conversations.

Admin

The role for IT staff and platform managers who need to configure and manage the SecureAI instance. Admins have all the same capabilities as Users, plus:

  • Access to the Admin Panel for managing users, models, security settings, and integrations.
  • Ability to invite and remove users, change roles, and approve pending accounts.
  • Ability to configure model providers, content filtering, SSO, data retention, and IP allowlisting.
  • Visibility into conversation metadata and usage analytics (but not conversation content by default -- see Can admins see user chats?).
  • Ability to export audit logs and manage organization-wide settings.

Most organizations need only 2-5 admins.

Pending

A temporary role for users who registered through the sign-up page rather than being invited by an admin. Pending users can log in and update their profile, but they cannot start conversations, search the knowledge base, or use tools until an admin approves them.

To approve a pending user, go to Admin Panel > Users, filter by Role: Pending, select the user, change their role to User (or Admin), and save.

How do I manage user permissions?

Admins assign and change roles from the Admin Panel:

  1. Navigate to Admin Panel > Users.
  2. Click the user's name.
  3. Under Role, select the new role.
  4. Click Save.

Role changes take effect immediately -- no logout required. If you need to change roles for many users at once, use Bulk Actions > Change Role after selecting multiple users.

Beyond the three roles, admins can fine-tune what users can do through feature-level restrictions:

  • Model access -- restrict specific models to admins only (useful for expensive models or models being evaluated).
  • Shared knowledge base uploads -- limit who can add documents to shared collections.
  • Assistant publishing -- control whether users can publish assistants to the organization directory.
  • Chat features -- toggle web search, image generation, code execution, and file uploads for non-admin users.

For the full permission matrix and detailed configuration instructions, see Managing User Roles and Permissions.

Related articles