@@ -9,6 +9,28 @@ Sim Studio Enterprise provides advanced features for organizations with enhanced
99
1010---
1111
12+ ## Access Control
13+
14+ Define permission groups to control what features and integrations team members can use.
15+
16+ ### Features
17+
18+ - ** Allowed Model Providers** - Restrict which AI providers users can access (OpenAI, Anthropic, Google, etc.)
19+ - ** Allowed Blocks** - Control which workflow blocks are available
20+ - ** Platform Settings** - Hide Knowledge Base, disable MCP tools, or disable custom tools
21+
22+ ### Setup
23+
24+ 1 . Navigate to ** Settings** → ** Access Control** in your workspace
25+ 2 . Create a permission group with your desired restrictions
26+ 3 . Add team members to the permission group
27+
28+ <Callout type = " info"
29+ Users not assigned to any permission group have full access. Permission restrictions are enforced at both UI and execution time.
30+ </Callout >
31+
32+ ---
33+
1234## Bring Your Own Key (BYOK)
1335
1436Use your own API keys for AI model providers instead of Sim Studio's hosted keys.
@@ -61,15 +83,38 @@ Enterprise authentication with SAML 2.0 and OIDC support for centralized identit
6183
6284---
6385
64- ## Self-Hosted
86+ ## Self-Hosted Configuration
87+
88+ For self-hosted deployments, enterprise features can be enabled via environment variables without requiring billing.
6589
66- For self-hosted deployments, enterprise features can be enabled via environment variables:
90+ ### Environment Variables
6791
6892| Variable | Description |
6993| ----------| -------------|
94+ | ` ORGANIZATIONS_ENABLED ` , ` NEXT_PUBLIC_ORGANIZATIONS_ENABLED ` | Enable team/organization management |
95+ | ` ACCESS_CONTROL_ENABLED ` , ` NEXT_PUBLIC_ACCESS_CONTROL_ENABLED ` | Permission groups for access restrictions |
7096| ` SSO_ENABLED ` , ` NEXT_PUBLIC_SSO_ENABLED ` | Single Sign-On with SAML/OIDC |
7197| ` CREDENTIAL_SETS_ENABLED ` , ` NEXT_PUBLIC_CREDENTIAL_SETS_ENABLED ` | Polling Groups for email triggers |
7298
73- <Callout type = " warn"
74- BYOK is only available on hosted Sim Studio. Self-hosted deployments configure AI provider keys directly via environment variables.
75- </Callout >
99+ ### Organization Management
100+
101+ When billing is disabled, use the Admin API to manage organizations:
102+
103+ ``` bash
104+ # Create an organization
105+ curl -X POST https://your-instance/api/v1/admin/organizations \
106+ -H " x-admin-key: YOUR_ADMIN_API_KEY"
107+ -H " Content-Type: application/json"
108+ -d ' {"name": "My Organization", "ownerId": "user-id-here"}'
109+
110+ # Add a member
111+ curl -X POST https://your-instance/api/v1/admin/organizations/{orgId}/members \
112+ -H " x-admin-key: YOUR_ADMIN_API_KEY"
113+ -H " Content-Type: application/json"
114+ -d ' {"userId": "user-id-here", "role": "admin"}'
115+ ```
116+
117+ ### Notes
118+
119+ - Enabling ` ACCESS_CONTROL_ENABLED ` automatically enables organizations, as access control requires organization membership.
120+ - BYOK is only available on hosted Sim Studio. Self-hosted deployments configure AI provider keys directly via environment variables.
0 commit comments