How administrators manage organisation access, governance policies, supervision control, app permissions, and billing within a Majormatic Enterprise account.
In Majormatic, administrators control access and policy. The platform controls execution. These are distinct domains that do not overlap — admins configure within governance boundaries, they do not override system rules.
Organisation users are managed through the Admin Dashboard under Organisation → Users.
Removing a user immediately revokes their access. Their execution history and audit records remain in the organisation's audit log. User data is retained in accordance with the platform's data retention policy.
Majormatic uses role-based access control enforced at the platform level. Permissions are validated on every request — not cached, not assumed, not inherited from session state.
Permission to initiate executions. Standard users require this permission.
Permission to acknowledge and finalise execution outputs. Required for the supervision gate to complete.
Permission to submit internal apps for review and publish to the organisation catalogue.
Permission to view wallet balance, execution costs, and transaction history.
Permission to view execution audit logs. Typically restricted to admin and compliance officer roles.
Permission to manage users, roles, and organisation policies. Admin role only.
Admins can configure organisation-level governance policies that apply to all executions within the organisation. These policies operate on top of the platform defaults — they can be more restrictive, not less.
Mandate that all executions within the organisation require acknowledgement — even apps that do not require supervision at the app level. Organisation policy takes precedence in the restrictive direction.
Restrict which engine types users in the organisation can invoke. Useful for compliance-constrained environments where only specific workflow types are permitted.
Configure the minimum risk level at which executions require manager or compliance approval. For example: all medium-risk and above executions require a second acknowledgement from a manager or reviewer role.
Set maximum execution time, maximum input file size, and maximum steps per run at the organisation level. These limits cannot exceed the platform maximums for the account tier.
Enterprise accounts can configure multi-level supervision workflows that reflect the organisation's internal governance structure.
The executing user reviews and acknowledges the draft output. Standard supervision gate.
A manager or senior reviewer must approve the acknowledged output before it is finalised. Configurable by admin for specific app categories or risk levels.
A designated compliance officer must provide final sign-off. Used for critical risk executions or regulatory outputs in strictly governed organisations.
Admins control which apps are available to the organisation from Appstream and manage internal organisation apps.
By default, all approved Appstream apps are available to organisation users. Admins can create an allowlist (only specified apps permitted) or a blocklist (specific apps blocked) to match the organisation's compliance requirements.
Organisation-specific execution tools built by Expert users within the organisation. Internal apps are visible only to the organisation. They go through the same ABI validation and governance review as public apps, but are not published to the public Appstream catalogue.
Admins can promote internal apps to appear at the top of the organisation's app list, making domain-specific tools easy to find for all users in the organisation.
Enterprise accounts use a shared Total Power wallet. All users in the organisation draw from the same wallet balance. Admins control how that balance is managed and monitored.
Set a maximum spend per user, per team, or per time period. Executions that would exceed the configured limit are blocked. Users receive a clear error message directing them to contact their admin.
View usage reports broken down by user, app, engine type, and time period. Identify high-spend users or workflows and review whether execution patterns align with intended use.
Charges only apply after execution completion and finalisation. If an execution fails or is rejected by schema validation, the wallet is not charged. All transactions are recorded with full audit detail.
Admins can enforce MFA for all users in the organisation. Users who have not enabled MFA will be blocked from accessing the platform until they complete MFA setup.
Restrict platform access to specific IP ranges or CIDR blocks. Useful for organisations that operate from fixed office or VPN IP addresses.
Configure session timeout durations for organisation users. Admins can remotely revoke sessions for specific users — useful for immediate access termination when a user leaves the organisation.
Single sign-on integration is available for enterprise service agreements. Contact your account representative to configure SSO with your identity provider.
Admins can configure execution-level limits that apply to all runs within the organisation. These limits are enforced by the platform at execution time.
Organisation model, capabilities, and how Majormatic differs from conventional AI and automation tools
Read overview →Audit log access, export formats, GDPR controls, and data management for compliance teams
View guide →Priority support, onboarding assistance, and account management for enterprise customers
Contact us →