5 changes: 5 additions & 0 deletions enterprise/rbac.mdx
Expand Up @@ -32,7 +32,7 @@

### Project Level

- **Admins** — own the project setup and governance. They control permission and authentication accounts.

Check warning on line 35 in enterprise/rbac.mdx (GitHub Actions / Documentation Lint Checks): 5 settings listed as bullet points — consider using a table instead so they're easier to scan. [technical: 5 consecutive bullet items matching **Key**: value or **Key** — value pattern]
- **Editors** — build, edit, and run all assets in the project. Treat them as your core contributors.
- **Members** — can build their own assets but don't automatically see or edit others'. Great for independent work within shared projects.
- **Chat** — access [Relevance Chat](/get-started/chat/introduction) only, cannot access the web app. Perfect for users who only need to interact with agents through chat. Requires asset-level permissions to run specific agents.
Expand All @@ -57,7 +57,7 @@
| **Role** | **Capabilities** |
| ---------- | ------------------------------------------------------------------------------------------------ |
| **Owner** | Full control of organization, billing, security, users and all projects |
| **Admin** | Manage users, projects, organization-level API keys and OAuths |

Check warning on line 60 in enterprise/rbac.mdx (Mintlify / Mintlify Validation (relevanceai) - vale-spellcheck): Did you really mean 'OAuths'?
| **Member** | Access only assigned projects. Cannot create projects at organization level. Asset creation within projects is controlled by project-level permissions. |
| **Viewer** | View-only access to agent and tool audit logs, usage data and compliance reports |

Expand All @@ -68,7 +68,7 @@
| Manage billing | ✅ | ❌ | ❌ | ❌ |
| Manage organization settings (name, logo, domain etc.) | ✅ | ✅ | ❌ | ❌ |
| Manage organization users | ✅ | ✅ | ❌ | ❌ |
| Manage API keys & OAuths (Org-level connections) | ✅ | ✅ | ❌ | ❌ |

Check warning on line 71 in enterprise/rbac.mdx (Mintlify / Mintlify Validation (relevanceai) - vale-spellcheck): Did you really mean 'OAuths'?
| View global audit logs | ✅ | ✅ | ❌ | ❌ |
| View all projects and agents | ✅ | ✅ | ❌ | ❌ |
| Delete any asset | ✅ | ✅ | ❌ | ❌ |
Expand Down Expand Up @@ -103,7 +103,8 @@
| :------------------------------------- | :-------- | :--------- | :--------- | :--------- | :------- |
| Delete project | ✅ | ❌ | ❌ | ❌ | ❌ |
| Assign project roles to users | ✅ | ❌ | ❌ | ❌ | ❌ |
| Manage project-level API keys & OAuths | ✅ | ❌ | ❌ | ❌ | ❌ |

Check warning on line 106 in enterprise/rbac.mdx (Mintlify / Mintlify Validation (relevanceai) - vale-spellcheck): Did you really mean 'OAuths'?
| Add personal OAuth accounts (dynamic auth) | ✅ | ✅ | ✅ | ✅ | ✅ |
| Delete agents | ✅ | ✅ | ❌ | ❌ | ❌ |
| View all assets by default | ✅ | ✅ | ❌ | ❌ | ❌ |
| Edit/run assets they did not create | ✅ | ✅ | ❌ | ❌ | ❌ |
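Review bot: The new "Add personal OAuth accounts (dynamic auth)" row is ✅ in all five columns with no condition, while every other row in this hunk grants its capability to at most two roles. The Note added in the next hunk says this applies only when dynamic authentication is enabled on a shared agent, so the row reads as broader than the behaviour. Suggest putting the condition in the row label, for example "(when dynamic auth is enabled on the agent)", and confirming the ✅ is intended for the most restricted role columns, whose headers are outside this hunk.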
Expand All @@ -114,6 +115,10 @@
| Run a chat (LLM) | ✅ | ✅ | ✅ | ✅ | ✅ |


<Note>
"Manage project-level API keys & OAuths" refers to shared, project-wide accounts only. All team members can add their own personal OAuth accounts when [dynamic authentication](/enterprise/user-level-authentication) is enabled on a shared agent — this is not restricted to admins.

Check warning on line 119 in enterprise/rbac.mdx (Mintlify / Mintlify Validation (relevanceai) - vale-spellcheck): Did you really mean 'OAuths'?
</Note>

### Chat Role Details

<Warning>
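Review bot: The Note quotes "Manage project-level API keys & OAuths", which repeats the term the vale-spellcheck annotation flags on line 119; suggest "OAuth connections" here and in the table row it quotes, changed together so the quote still matches. The link text "dynamic authentication" points at /enterprise/user-level-authentication, a page that calls the feature User Level Authentication, so name both terms on first use to make clear they are the same setting.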
Expand All @@ -136,7 +141,7 @@
</Accordion>

<Accordion title="LLM conversations">
Can have conversations with LLMs and in-built Chat Agents directly without agents.

Check warning on line 144 in enterprise/rbac.mdx (Mintlify / Mintlify Validation (relevanceai) - vale-spellcheck): Did you really mean 'LLMs'?
</Accordion>

<Accordion title="More powerful than Viewer">
Expand Down Expand Up @@ -206,7 +211,7 @@
</Info>

<Tip>
Learn more about [sharing workforces](/build/workforces/share-your-workforce) as cloneable templates.

Check warning on line 214 in enterprise/rbac.mdx (Mintlify / Mintlify Validation (relevanceai) - vale-spellcheck): Did you really mean 'cloneable'?
</Tip>

----
21 changes: 17 additions & 4 deletions enterprise/user-level-authentication.mdx
Expand Up @@ -55,7 +55,7 @@
User Level Authentication works with tools that use **OAuth authentication only**.

**Supported:**
- Tool steps with OAuth account inputs (e.g., Google Sheets, Slack, HubSpot, Notion, Trello)

Check warning on line 58 in enterprise/user-level-authentication.mdx (Mintlify / Mintlify Validation (relevanceai) - vale-spellcheck): Did you really mean 'Trello'?
- Any integration that uses OAuth to connect user accounts

**Not supported:**
Expand Down Expand Up @@ -92,7 +92,7 @@
As a builder, you can configure User Level Authentication at the agent level.

<div style={{ width:"100%",position:"relative","padding-top":"56.75%"}}>
<iframe src="https://app.supademo.com/embed/cmlq8m0u524pgegrdv7dlhoqy" frameBorder="0" title="Setting up User Level Authentication" allow="clipboard-write; fullscreen" webkitAllowFullscreen="true" mozAllowFullscreen="true" allowFullscreen style={{ position:"absolute",top:0,left:0,width:"100%",height:"100%",border:"3px solid #5E43CE",borderRadius:"10px" }} />

Check failure on line 95 in enterprise/user-level-authentication.mdx (GitHub Actions / Documentation Lint Checks): Supademo embed is missing rounded corners — use the standard embed snippet. [technical: borderRadius: '10px' missing from iframe style]
Check failure on line 95 in enterprise/user-level-authentication.mdx (GitHub Actions / Documentation Lint Checks): Supademo embed is missing the purple border — use the standard embed snippet. [technical: border: '3px solid #5E43CE' missing from iframe style]
Check failure on line 95 in enterprise/user-level-authentication.mdx (GitHub Actions / Documentation Lint Checks): Supademo embed isn't using the standard wrapper — replace it with the snippet from the style guide. [technical: paddingTop: '56.25%' missing from wrapper <div>]
</div>

To enable User Level Authentication:
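Review bot: The wrapper <div> sets "padding-top":"56.75%", but the lint failure on line 95 expects paddingTop: '56.25%' on the wrapper, so both the key spelling and the value differ from the standard snippet. The iframe style already contains border:"3px solid #5E43CE" and borderRadius:"10px", so the other two failures look like a quoting mismatch with the checker rather than missing styles; replacing the block with the style-guide snippet should clear all three. The same wrapper is used for the "Using User Level Authentication in chat" embed further down.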
Expand All @@ -107,21 +107,28 @@
If you have [asset-level authentication controls](/enterprise/rbac#permissions) enabled through RBAC, users can also choose from project-level shared accounts instead of authorizing their individual accounts.
</Note>

<Info>
When dynamic authentication is enabled on a shared agent, all team members — not just admins — can add their own OAuth accounts. Members can only manage their own private accounts and cannot view or modify project-level shared accounts, which remain admin-managed.
</Info>

## User experience in Chat

When users interact with an agent in Chat that has User Level Authentication enabled, the authentication flow is seamless and intuitive.

<div style={{ width:"100%",position:"relative","padding-top":"56.75%"}}>
<iframe src="https://app.supademo.com/embed/cmlq8o3si24q3egrd75i2p1yf" frameBorder="0" title="Using User Level Authentication in chat" allow="clipboard-write; fullscreen" webkitAllowFullscreen="true" mozAllowFullscreen="true" allowFullscreen style={{ position:"absolute",top:0,left:0,width:"100%",height:"100%",border:"3px solid #5E43CE",borderRadius:"10px" }} />

Check failure on line 119 in enterprise/user-level-authentication.mdx (GitHub Actions / Documentation Lint Checks): Supademo embed is missing rounded corners — use the standard embed snippet. [technical: borderRadius: '10px' missing from iframe style]
Check failure on line 119 in enterprise/user-level-authentication.mdx (GitHub Actions / Documentation Lint Checks): Supademo embed is missing the purple border — use the standard embed snippet. [technical: border: '3px solid #5E43CE' missing from iframe style]
Check failure on line 119 in enterprise/user-level-authentication.mdx (GitHub Actions / Documentation Lint Checks): Supademo embed isn't using the standard wrapper — replace it with the snippet from the style guide. [technical: paddingTop: '56.25%' missing from wrapper <div>]
</div>

### First-time authentication

When a user runs an agent that requires User Level Authentication for the first time:
All team members — not just admins — will see the authentication prompt when using an agent with dynamic authentication enabled for the first time.

1. When you run an agent that requires User Level Authentication for the first time, a pop-up appears with the guidance "Connect your account to use this tool."
2. Click the 'Select connected account' dropdown to choose an account. If your project has shared accounts available, they appear here alongside your personal options.
3. To connect your own account, click 'Add account' to start the OAuth login flow for that integration.
4. Follow the on-screen steps to log in. Your credentials are saved automatically for future runs.

1. If you call an Agent that requires User Level Authentication for the first time, you will see a pop up appear when you need to connect an account.
2. To do this, click the 'Select connected account' dropdown, and choose a shared account from here, or add your own private account.
3. Then, click 'Add account' to continue onto your account log in, and follow the next steps to log into your account on the integration you're connecting to.
Members can only add and manage their own private accounts. Project-level shared accounts are managed by project admins and cannot be modified by members.

### Subsequent uses
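Review bot: The Info block and the closing sentence of "First-time authentication" say members "cannot view or modify project-level shared accounts", yet step 2 says shared accounts "appear here alongside your personal options" and the Note above lets users choose them. Suggest wording the restriction as what members cannot do (edit, remove or see the credentials of a shared account) while still being able to select it. The "not just admins" sentence also appears in both the Info block and directly under the heading a few lines later; one of them can go.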

Expand Down Expand Up @@ -152,6 +159,8 @@

### Privacy and account visibility

All team members — not just admins — can add their own OAuth accounts when dynamic authentication is enabled on an agent. Members can connect their own private credentials without needing admin intervention, and can only see and manage their own private accounts. They cannot view or modify project-level shared accounts.

To protect privacy and security:

- **Private accounts are hidden** - Your personal accounts won't be visible to other users
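Review bot: The added paragraph says members connect private credentials "without needing admin intervention" and the first bullet says private accounts "won't be visible to other users", but nothing states whether project admins can list or revoke a member's private account. Suggest one sentence on that, since it decides how an admin offboards a user or audits which external accounts an agent can reach. The closing "cannot view or modify project-level shared accounts" sentence should also say whether "view" covers selecting a shared account in the dropdown.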
Expand Down Expand Up @@ -193,4 +202,8 @@
<Accordion title="My integration uses API keys or Python code steps. Can I use User Level Authentication?">
No. User Level Authentication only supports OAuth-based integrations. If your integration uses API key authentication, Python code steps, or custom API calls with bearer tokens, you'll need to use a shared account instead. Only integrations that use OAuth to connect user accounts (like Google Sheets, Slack, HubSpot, Notion, etc.) are compatible with User Level Authentication.
</Accordion>

<Accordion title="Can non-admin team members add their own OAuth accounts?">
Yes. When dynamic authentication is enabled on a shared agent, all team members can add their own OAuth accounts — this is not limited to admins. Members see an "Add account" button with the guidance "Connect your account to use this tool." Members can only manage their own private accounts; they cannot view or modify project-level shared accounts, which remain admin-managed.
</Accordion>
</AccordionGroup>
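Review bot: The answer says members see an "Add account" button with the guidance "Connect your account to use this tool.", but the first-time steps put that guidance on the pop-up and reach 'Add account' only after opening the 'Select connected account' dropdown; align the FAQ with the steps. This is also at least the fourth near-identical statement of the members-versus-admins rule on the page, so consider a one-line answer that links to "Privacy and account visibility".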