Delegated Identities

The Delegated Identities feature in Splight enables secure, cross-organization collaboration by allowing users from one organization to access another organization’s resources—with precise role-based control.

This system is especially useful for multi-org users, consulting partners, service providers, or cross-entity project teams who need scoped, auditable access to another Splight environment.

Overview

There are two core concepts within Delegated Identities:

  • Granted Identities External users that you have explicitly granted access to your organization. Each granted identity is assigned a specific role that defines what they can see and do inside your organization. These users continue to belong to and authenticate through their own organization, but can operate within yours under the constraints of the granted role.

  • Allowed Identities External organizations that have allowed you or users in your org to assume an identity and access their environment using a predefined role. These are opportunities for your users to "step into" another organization’s context—with full transparency and controlled permissions.

This model gives both sides full control:

  • You can grant access to others without sharing users or compromising control.

  • You can receive access to other orgs without having to create separate accounts.

How It Works

1. Granting Access to External Users (Granted Identities)

You can invite external users from any Splight organization to access your environment:

  • Go to the Delegated Identities > Granted Identities section.

  • Click Grant Access.

  • Enter the user’s email and select their organization (must be a valid Splight organization).

  • Assign a role that determines their level of access.

  • Once accepted, the user will be able to switch into your organization and operate within the permissions of the granted role.

You can modify or revoke access at any time.

2. Accepting Access to Other Organizations (Allowed Identities)

If another Splight organization has granted access to your account:

  • You will see a new entry under Delegated Identities > Allowed Identities.

  • You can view the role you've been assigned and which organization has granted the access.

  • When you switch into that organization’s context, your permissions will match the assigned role.

🛡️ Switching between organizations via Delegated Identities is fully audited. Every action is logged under the delegated identity, ensuring traceability.

Use Cases

  • Consultants and Partners: Get controlled access to a customer’s Splight environment without creating new accounts.

  • Multi-org Users: Seamlessly switch between multiple organizations where you operate.

  • Secure Collaboration: Grant only the necessary permissions for support or joint studies—without overexposure.

Security and Auditing

  • Role-Based: All delegated access is enforced via Splight’s RBAC system.

  • Scoped and Reversible: You can revoke delegated access at any time.

  • Fully Audited: All delegated identity actions are tracked in activity logs under the identity that assumed the role.

PreviousAuthorizationNextPreferences

Last updated

Was this helpful?