Invite your team
Gamut is a shared operating layer, so it works best with the right people in place, governance leads, risk and compliance, security, procurement and the owners of individual AI systems.
Inviting people
Section titled “Inviting people”Administrators invite colleagues by email. Each invitation is tied to a role that determines what the person can see and do once they accept.
- Open Administration → Users.
- Select Invite user and enter their email address.
- Choose the tenant role appropriate to their responsibilities (see below).
- Send the invitation. The recipient receives an email with a secure link to join.
Choosing a tenant role
Section titled “Choosing a tenant role”The tenant role sets what someone can do across the organisation. Assign the least privilege needed for their job:
| Role | Use it for |
|---|---|
| Administrator | People who manage users, SSO, plans and the admin console. |
| Advanced | Governance, risk and security staff who need all modules, AI analysis, the agentic stack and exports. |
| Standard | Contributors who need core frameworks and limited AI, without control testing, workpapers or the agentic stack. |
| Subscriber | Login only, no product access (useful while access is being arranged). |
What a role can actually use is also capped by the workspace’s plan: a user needs both the role permission and the plan entitlement.
Scoping access to specific assessments
Section titled “Scoping access to specific assessments”Beyond the tenant role, you can add someone to an individual assessment with an additive workspace role, so they get broad read access organisation-wide but write access only where they work:
- Lead Assessor: full read/write on the assessment, can share, delete, approve and export.
- Contributor: create and update records, no delete or export.
- Reviewer: read plus notes and comments.
- Viewer: read-only.
This is the practical way to bring in a system owner, an auditor or a reviewer without granting them broad authority. See Users & roles for the full model.
A starting allocation
Section titled “A starting allocation”- System / model owners: Standard tenant role, added as Contributor on the assessments covering their systems. They also get read/update on objects they own automatically.
- Governance, risk and compliance: Advanced tenant role, Lead Assessor where they run the work.
- Reviewers and auditors: Standard or Subscriber tenant role, Reviewer or Viewer on the relevant assessments.
- Administrators: Administrator tenant role.
Single sign-on
Section titled “Single sign-on”For larger organisations, connect your identity provider so people sign in with corporate credentials and access follows your existing joiner / mover / leaver process. SSO governs authentication; roles still govern authorisation. See Single sign-on (SSO).
Accountability
Section titled “Accountability”Granting or revoking a role is an audited action, and every state-changing action in the workspace is recorded in the audit log. Suspending a user immediately revokes their access and ends their active sessions.
- Set up Single sign-on for your organisation.
- Review Plans & entitlements to confirm which features your workspace can use.