Search documentation...


Workspace management

Since Hightouch manages the flow of your business-critical data, we provide a full suite of platform governance features to ensure security and compliance. These features fall into two categories: access management and change management.

Before going in-depth on these features, it's helpful to understand the core concepts Hightouch uses to structure workspace management features.

Core concepts

  • Organization: a container for a set of workspaces, used for billing purposes.
  • Workspace: a Hightouch account representing a set of resources and users. Access management settings are applied at the workspace level.
  • User: an individual with access to a workspace. A user can be associated with one or more workspaces.
  • Role: a set of policies governing a user's access to resources. Users can only be assigned one role.
  • Policy: a set of actions users can take on resources given certain conditions.
  • Resource: any of the building blocks of a workspace: for example, sources, destinations, models, syncs, and audiences.

Core concepts

Access management

Hightouch's access management features let you govern who can access your workspaces and what actions they can take.

Access management features include:

SAML SSO, SSO groups, role-based controls, and label-based controls are only available on Business Tier plans.

Invite team members

You can choose to invite team members to your workspace manually or enable access for your entire organization using SAML SSO. Before inviting team members, you may want to change the default role for a workspace or set up SSO groups to map groups in your identity provider to Hightouch roles.

To manually invite a team member, go to the Members tab on the Settings page and click Invite new people.

Members tab in Hightouch

In the modal that appears, enter your team member's Email, select the appropriate Role, and click Send invitation.

Invitation modal

The Members tab displays pending invitations and team members. You can choose to resend or cancel any pending invitations. Outstanding invitations are active for 30 days.

Pending invitation in members tab

Check out the SSO documentation to learn how to configure SAML SSO to provide access for your entire organization through an identity provider like Okta or Azure Active Directory.

Assign and create roles

You can change the default role for a workspace from the Workspace tab on the Settings page. Select the appropriate role for users from the dropdown under the Default role header.

Selecting the default role for all users in a workspace

You can change an individual user's role from the Members tab on the Settings page. This page displays a table of all the users in your Workspace. Each user row has a Role dropdown where you can select a different role.

Changing an individual user's role

Check out the SSO groups documentation to learn how to automatically assign roles to team members based on their group in your identity provider.

If you assign roles using SSO groups, you can't individually assign roles from the Members tab.

You can also create and assign custom roles using role-based access controls.

Change management

Hightouch's change management features let you enforce reviews of changes and allow you to view historical in-app changes.

Change management features include:

  • Approval flows to stage changes before pushing them into production
  • Audit logs to provide records of what changes were made, by whom, and when

Approval flows and audit logs are only available on Business Tier plans.

Use approval flows

Approval flows make it so that any changes made by users with the Workspace Draft Contributor role require approval from a privileged user. Check out the approval flows documentation to learn more about the feature and how to enable it.

View audit logs

Hightouch provides audit logs to track, trace, and search through historical actions taken in the Hightouch app. Check out the audit logs documentation to learn more about the feature and how to use it.

    Need help?

    Our team is relentlessly focused on your success. We're ready to jump on a call to help unblock you.

    • Connection issues with your data warehouse?
    • Confusing API responses from destination systems?
    • Unsupported destination objects or modes?
    • Help with complex SQL queries?

    Feature Requests?

    If you see something that's missing from our app, let us know and we'll work with you to build it!

    We want to hear your suggestions for new sources, destinations, and other features that would help you activate your data.

On this page

Core conceptsAccess managementInvite team membersAssign and create rolesChange managementUse approval flowsView audit logs

Was this page helpful?