Users & Access Control
AgentMark uses a role-based access control (RBAC) system with granular permissions at the organization and app level.Built-in Roles
Every organization member is assigned one of these roles:| Role | Access |
|---|---|
| Owner | Full access. Assigned to the org creator. Can transfer ownership. |
| Admin | Full access to all org resources, settings, billing, and member management. |
| Write | Read and write access to apps, prompts, traces, experiments, and datasets. Cannot manage members or billing. |
| Read | Read-only access to all org resources. Cannot create, edit, or delete anything. |
Inviting Members
Invite team members from Settings > Members in the Dashboard. Invitations are sent by email and expire after 7 days. Each invitation includes a role assignment.Custom Roles
Team tier and above. Custom roles require a Team or Enterprise subscription.
- Navigate to Settings > Roles in the Dashboard
- Click Create Role
- Name the role and select the specific permissions to grant
- Assign the role to members
App-Level Roles
Team tier and above. App-level roles require a Team or Enterprise subscription.
API Keys
API keys are scoped to individual apps. Each key grants access only to that app’s resources (prompts, traces, experiments).- Create and manage keys from Settings > API Keys in the Dashboard
- Keys are rate-limited by tier (see Billing & Usage for limits)
- Key names must be unique within an app
SSO Enforcement
Enterprise organizations can enforce SAML SSO for all members. When SSO enforcement is enabled, members must authenticate through your identity provider — no password fallback is available. See Security & Compliance for SSO configuration details.Have Questions?
We’re here to help! Choose the best way to reach us:
- Email us at hello@agentmark.co for support
- Schedule an Enterprise Demo to learn about our business solutions