This page explains how end users get access to the Resistant Documents UI in a multi-tenant organization, and how partners can control which tenants each user can access.
Overview
Users access the Resistant Documents UI via your organization’s SSO integration (typically SAML or OIDC). Users are not “created” via the Tenant Management API. Instead:
- Users are provisioned and authenticated by your Identity Provider (IdP).
- Resistant Documents assigns tenant access based on attributes/claims in the SSO assertion.
- A user can be granted access to one or multiple tenants under the same organization.
User access is managed in your IdP by populating a claim/attribute named:
This claim lists tenant IDs together with the role level granted for each tenant.
The claim value is an array of strings. Each entry follows this pattern:
<tenant_id>_RO for read-only access<tenant_id>_RW for read-write access
Example
["tenantid1_RO", "tenantid2_RW"]
Tenant_ids are Resistant AI tenant_ids, not customer-defined identifiers.
