Team seats and permissions

Give your team access, not the keys

Invite your whole team, scope each person by role and by entity, and keep an audit trail of every action. Unlimited seats on the Compliance Subscription, four clear roles, and single sign-on when you need it.

Unlimited seats Per-entity access Full audit log SSO on enterprise
Built for teams that need control SOC 2 Type II audited Immutable audit log SSO, SAML and SCIM No per-seat charge
Unlimited
Seats on the Compliance Subscription
0
Clear roles, from owner to viewer
Per-entity
Access scoped to the entities that matter
Every
Action written to an immutable audit log
The shared password problem

One login for the whole team is a liability

When everyone signs in with the same account, no one can see who did what, a junior teammate can touch billing or an entity they should never see, and offboarding someone means changing a password everyone has to relearn. It works right up until an audit, a mistake, or a departure.

Team permissions replace the shared login with real accounts. Each person gets a role that fits their job, access scoped to the entities they handle, and every action recorded in an audit log. Adding someone is a 30-second invite, and removing them is instant.

One shared login
  • No way to see who did what
  • Everyone can touch billing and every entity
  • A junior teammate has the same keys as the owner
  • Offboarding means a password reset for all
  • An audit has nothing to point to
With team permissions
  • A real account and role for each person
  • Access scoped to the entities they handle
  • Billing and admin limited to who should have it
  • Instant removal, no shared password
  • Every action in an immutable audit log
Four roles, clear lines

Exactly what each role can and cannot do

Select a role to focus its column, or read the whole matrix at a glance.

Click a role to highlight it

Permission
View entities and deadlines
Edit entity details
File and pay
Manage documents
Invite and manage teammates
Manage roles and permissions
Billing and plan
More than a login list

Team controls a security review will actually pass

The access primitives an operations lead and a security team both ask for.

Unlimited seats

Add the whole team, no per-seat charge on the Compliance Subscription

Per-entity access

Scope a person to only the entities, states, or clients they handle

Immutable audit log

Every action recorded, ready to hand to a reviewer

SSO and SCIM

Sign in with Okta, Azure AD, or Google and provision automatically

30-second invites

Add a teammate with an email invite, live in seconds

Read-only viewers

Give an auditor or a partner visibility without any edit rights

Change roles anytime

Promote, restrict, or re-scope a person as their job changes

Instant removal

Deprovision access the moment someone leaves, no shared password

How you set up a team

Invite, scope, and keep it accountable

Five steps from a shared login to real controls. Select one to see the detail.

Step 1

Invite the whole team in seconds

Send an email invite and a teammate is live in about 30 seconds, with their own account and no shared password. Seats are unlimited on the Compliance Subscription, so you never pay to add a person.

Unlimited seats, no per-seat charge, invites live in seconds.
Invite sent: ALEX VANCE
Live in 30 seconds
Unlimited seats
Step 2

Pick the role that fits the job

Assign Owner, Admin, Member, or Viewer, and their access matches the matrix above. A member can file and edit but not touch billing; a viewer can see everything and change nothing. No custom rules to write.

Four clear roles cover the real jobs on a team.
Role: MEMBER
Can file and edit
No billing access
Step 3

Scope access to the right entities

Restrict a person to specific entities, states, or clients, so a regional manager sees only their region and an outside partner sees only the entities you share. Least privilege by default, on top of the role.

Per-entity scoping means people see only what they should.
Scope: CALIFORNIA ENTITIES
Everything else hidden
Least privilege by default
Step 4

Everyone works in one place

The team shares the same live portfolio, the same document vault, and the same compliance calendar, each seeing exactly what their role and scope allow. No exported spreadsheets, no re-sharing, no version confusion.

One dashboard, one vault, scoped per person.
Shared: ONE PORTFOLIO
Same vault, scoped
No re-sharing
Step 5

See every action, change access instantly

Every filing, edit, and document access is written to an audit log you can hand to a reviewer. When someone changes jobs or leaves, re-scope or remove them instantly, with no password for the rest of the team to reset.

An audit trail for every action, instant deprovisioning on exit.
Audit log: EVERY ACTION
Instant removal on exit
SCIM keeps it in sync
How team permissions compare

Real accounts beat a shared password

The usual ways teams share access all fail the same review. Here is the difference.

Capability Team Permissions One shared login Everyone is an admin Build your own controls
Role-based accessNot availableNo limitsIf you build it
Access scoped per entityNot availableNot availableCustom
Who-did-what audit logNot availableAll look the sameCustom
SSO and SCIM provisioningNot availableNot availableHeavy build
Instant, clean offboardingReset for allManualIf you build it
No per-seat chargeBuild cost

The point. A shared login is convenient until an audit, a mistake, or a departure, at which point it is a liability with no answers. Team permissions give every person the access their job needs and nothing more, with a record of it all. Compare the platform on the comparison hub.

BosAI manages access too

Change access by just asking

Instead of clicking through settings, tell BosAI who should have access to what, and it sets the role and scope for you.

BosAITeam workspace, your firm

Give Alex access to only our California entities.

Done. Alex is a Member scoped to the 24 California entities, so they can file and edit those and see nothing else. I logged the change and notified them by email.

Who can file for our Delaware entities?

Three people: Jordan (Owner), Sam (Admin), and one Member scoped to Delaware. Priya is a Viewer, so she can see the Delaware entities but cannot file. Here is the audit log of the last filings on those entities.

Remove Priya, she left today.

Priya's access is revoked immediately, effective now. Nothing else changes for the rest of the team, and the removal is recorded in the audit log with today's timestamp.
From a team that ditched the shared login

The audit answered itself

We shared one login for years and never thought about it until a security review asked who could touch what. Now everyone has a role, our contractors see only their clients, and when I had to offboard someone I removed them in a click. The audit trail answered every question for us.
Operations lead
Firm managing entities for many clients
4 roles
covering every job on the team
Per-entity
access for contractors and partners
1 click
to offboard, no shared password

Representative composite based on team outcomes. Setup depends on team size and structure.

For the questions teams ask

Straight answers on seats, roles, and access

How many seats do I get?
Unlimited on the Compliance Subscription, with no per-seat charge. Add your whole team, your contractors, and read-only viewers without watching a seat count, so access is never a reason to share one login.
What are the roles?
Four: Owner, Admin, Member, and Viewer. The Owner has full control including billing, an Admin manages the team and filings, a Member files and edits, and a Viewer has read-only access. The matrix above shows exactly what each can and cannot do.
Can I limit who sees which entity?
Yes. On top of the role, you can scope a person to specific entities, states, or clients, so a regional manager sees only their region and a contractor sees only the entities you share. Everything else stays hidden.
Is there an audit trail?
Yes. Every action, from a filing to a document access to a role change, is written to an immutable audit log with a timestamp and the person who did it, ready to hand to a security reviewer or an auditor.
Do you support SSO and SCIM?
Yes, on the enterprise tier. Sign in with Okta, Azure AD, or Google over SAML, and SCIM provisions and deprovisions users automatically as your directory changes. See SSO.
How fast is adding or removing someone?
Adding a teammate is an email invite that goes live in about 30 seconds. Removing one is instant and clean: their access is revoked immediately, with no shared password for the rest of the team to reset, and the change is logged.
Can outside partners or auditors get access?
Yes. Give an outside partner a Member role scoped to only the entities you share, or an auditor a read-only Viewer role for the whole portfolio, without exposing anything beyond what they need or giving up the audit trail.
What does it cost?
Team seats and role-based permissions are included with the Compliance Subscription with no per-seat charge. SSO and SCIM are on the enterprise tier. See the pricing page or talk to sales.
Access that fits each job

Give your team the right keys, and only those

Add your team with roles and per-entity scoping, or talk with our team about SSO, SCIM, and enterprise controls.

Unlimited seats · Per-entity access · Immutable audit log