Skip to main content
Any user accessing the Paxos Dashboard must be authorized and assigned one or more Roles, each of which consists of specific permissions that control access to various actions. Paxos provides a set of predefined roles that are available as soon as you sign up and onboard a new Entity.

Passkey-Based Login

Entity Managers can manually invite users and assign their roles. Each user receives an email with a verification code and a link to set up their passkey and sign in.
Users can have different roles across different Entities. When inviting users, it is recommended to provide organization-specific instruction on the proper use and storage of passkeys.We recommend using tools like iCloud Keychain, Windows Hello, Google Account, 1Password, Proton Pass, or other third-party password manager that enables passkey sync across devices.
Follow these steps to invite users to your entity:
  1. Go to Admin > Team Management
  2. Click Invite Users
Invite Users
  1. Enter one or more emails and select a role from the dropdown.
  2. Click Invite Users
Users are marked as Active once they log into the Dashboard. Entity Managers can also modify User Roles as needed:
  1. Go to Admin > Team Management>Users
  2. Click on the Edit Role icon next to a user.
  3. Select one or more roles from the dropdown.
  4. Click the Save icon next to the dropdown.
Users can only be invited with the same email address to one Organization. If a user cannot be invited to your Organization because they’re already part of another, they have two options:
  1. Use an alternative email address: Many email providers support plus addressing (e.g., name+something@yourorganization.com)
  2. Leave the other Organization:
    • Sign in to their account
    • Click Organization in the top left corner
    • Leave Organization option is at the bottom of the page
Once they leave the other Organization, they can be invited to your Organization.

SSO-Based Login

Interested in using SSO?Paxos supports SAML and OIDC supported Identity Providers. Contact Support to get started.
When using Single Sign-On (SSO), instead of inviting users individually, an Entity Manager uses the Role Mapping interface to map Roles to user groups within your organization’s Identity Provider (i.e., Okta, Azure AD). Typically, you work with your IT team to leverage existing groups; however, you may need to add new Identity Provider groups to match your expected Dashboard workflows. Once you map the group to an existing Dashboard Role, the next time users sign in with SSO their permissions will update. Follow these steps to map Identity Provider groups to Paxos Dashboard Roles:
  1. Go to Admin>Team Management>Mapping.
  2. Click Add Mapping.
  3. Enter the Group Name exactly as it appears inside your Identity Provider’s configuration.
  4. Enter one or more Roles to associate with this Group.
Any user with a user attribute that contains the Group will automatically be assigned the associated Role on login.