Coming Soon · Identity · RBAC

Apiome Access

Real role-based access control — a resource-by-action permission model, member lifecycle, and enterprise identity.

Apiome Access replaces the coarse admin-or-not flag with genuine RBAC. Define built-in and custom roles against a resource by action permission matrix, run the full member lifecycle from invite to offboard, wire up SAML/OIDC SSO with SCIM provisioning, and hold it all accountable in an immutable audit log.

Apiome Access primary surface
4
Built-in roles
6+
Governed resources
SAML · OIDC · SCIM
Identity
Core capabilities

What ships with Access

Every Access surface is wired into the rest of the Apiome platform — no glue code, no separate identity, no bolt-on integrations.

Resource × action matrix

Grant allow, deny, or inherit per role across Project, Version, Class, Path, Primitive, and Member resources.

Built-in & custom roles

Immutable Owner, Admin, Editor, and Viewer roles that tenants clone to build their own custom roles.

Member lifecycle

Invite, assign roles, suspend, and offboard members with pending-invite tracking and last-active visibility.

SSO with group mapping

SAML/OIDC single sign-on that maps directory groups straight to Apiome roles.

SCIM provisioning

SCIM 2.0 just-in-time provisioning and deprovisioning for enterprise tenants.

Immutable access audit

A tamper-evident log of grants, role changes, sign-ins, and overrides — filterable and exportable.

Inside the product

A look inside Apiome Access

Live design previews from the Access mockup pack — 3 surfaces in total.

Access — Members and identity

Member table with invites, role assignment, last-active visibility, and SSO/SCIM directory configuration.

Access — Audit log

Immutable who/what/when log of permission grants, role changes, sign-ins, and admin overrides, with export.

Built for these teams

Use cases

Access is designed around the way real teams actually work — not the way a tool wants them to work.

Platform administrators

Clone the Editor role, deny Primitive deletion, and apply it to a contractor cohort in one screen.

IT & identity teams

Connect Okta over SAML and map the Engineering group to the Editor role with SCIM auto-provisioning.

Auditors

Export a filtered access log showing every permission change on a project during a compliance window.

Enterprise-grade

Built for procurement, InfoSec, and audit

Access ships with the controls your security, legal, and finance partners ask for first — so you can deploy with confidence and pass review with evidence.

  • SAML / OIDC single sign-on with group-to-role mapping
  • SCIM 2.0 just-in-time provisioning and deprovisioning
  • Custom roles cloned from immutable built-ins
  • Separate platform-admin plane for cross-tenant operations
  • Immutable, exportable access audit with long-term retention
  • Detect over-privileged roles and suggest least-privilege trims
  • Explain a role's effective permissions in plain language
  • Recommend a role from a described responsibility
  • Flag anomalous grants and sign-ins in the audit stream
AI integration

AI guardrails for least privilege

Access analyzes your roles and grants to surface over-broad permissions, recommend tighter roles, and explain exactly what any given role can do in plain language.

Every AccessAI feature is grounded in your tenant's data, runs under your data-residency policy, and respects every role and ACL the platform enforces.

Every surface in Apiome Access

A look at the 3 screens designed for this suite — covering everything from day-1 onboarding to day-100 operations.

roles
members
audit

Be first in line for Access

Early-access tenants help us shape Access — and get production-grade pricing locked in before general availability.