Users and access

Manage team members, permissions, custom roles, and Single Sign-On (SSO).

Collaborate with your team while keeping control over who can see and change content. This guide shows how to invite users, assign roles, and set up advanced access options.

Manage users

Add and remove team members in your repository settings.

Invite users

Starting from the Starter plan, you can invite users to your repository. Go to Settings > Users.

Enter their email, choose a role (if available), and send the invite. They’ll get an email and also see the pending invite in their dashboard.

Remove users

Go to Settings > Users and click the Remove button next to their name.

Transfer ownership

Only the repository owner can transfer ownership to another user.

  • In Settings > Users, scroll to Transfer ownership.
  • On the free plan (single user), enter the new owner’s email. The transfer is completed once the new owner accepts the invitation.
  • On paid plans, select the user you’d like to transfer ownership to. The transfer happens immediately.

If the current owner has lost access to a repository, an administrator can request ownership through the support portal.

Repository roles

Repository roles define what each user can do across the entire repository.

On Small and Starter plans, all users are Administrators. Medium plans and above include additional roles for more granular control.

To change a user’s role, go to Settings > Users and use the Role Type dropdown next to the user’s name.

The table below describes each role:

Writer

- Create and edit pages and releases

Publisher

Everything a Writer can do, plus:
- Publish and delete pages and releases

Administrator

Everything a Publisher can do, plus:
- Create and edit page types and slices
- Edit repository settings
- Manage user roles
- Manage custom roles per locale in spaces (Enterprise only)
- Access and edit billing information

Repository Owner
(one per repository)

Everything an Administrator can do, plus:
- Transfer ownership
- Delete repository

Contributor
(Enterprise only)

When Custom Roles are active, users who are Writers or Publishers appear as Contributors at the repository level. Their permissions are configured in Space settings > User roles.

Custom roles (Enterprise)

If you use multiple locales, custom roles let you define permissions for each locale within a Space.

In Space settings > User roles, choose what each person can do in their assigned locales for that Space, or apply a role to everyone in the repository for that Space.

The table below describes each role:

Read-only

- View pages and releases

Writer

Everything a Read-only can do, plus:
- Create and edit pages and releases

Publisher

Everything a Writer can do, plus:
- Publish and delete pages and releases

Repository owner and Administrators

Administrators can do everything a Publisher can do, plus:
- Full access in all locales and Spaces. Custom Role restrictions do not apply to them.

SSO

Enterprise customers can enable Single Sign-On (SSO) to control login through their company’s identity provider (IdP). Prismic supports OAuth2 identity providers including Google, Okta, Microsoft Entra ID, and Auth0.

Contact Prismic sales at sales@prismic.io to request SSO setup. Then create a new application using the instructions for your IdP below:

Google

Go to the Credentials section of the Google Developer Console. Click on OAuth consent screen and add the following information.

- Application Name: Prismic
- Application Logo: Insert Prismic Logo
- Support Email: support@prismic.io
- Scope for Google API: email profile openid
- Authorized domains: prismic.io
- Application Homepage link: https://prismic.io
- Application Privacy Policy: https://prismic.io/legal/privacy
- Application Terms & Conditions: https://prismic.io/legal/terms-of-service

Then, click on Credentials > Create credentials. Select OAuth Client ID and then Web application. Save the form.

To provide access to existing users, assign them to the Prismic Google application. New users can be invited directly from the Prismic repository.

Finally, send the Client ID and Secret to your CSM using encrypted email or a one-time link.

Okta

Go to Applications > Add Application. Select Web as the platform and OpenID Connect as the Sign on method. Click Create and add the information below. Then, click Save and securely store the Client ID and Secret.

- Application Name: Prismic
- Login redirect URIs: https://prismic.io/sso/{yourEmailDomain}/callback

Then, go to the endpoints section of the Okta documentation. Securely store the /authorize, /token, and /userinfo endpoints.

To provide access to existing users, assign them to the Prismic Okta application. New users can be invited directly from the Prismic repository.

Finally, send the Client ID, Client Secret, and the /authorize, /token, and /userinfo endpoints to your CSM using encrypted email or a one-time link.

OAuth2 IdPs

Go to your IdP’s dashboard and create a new OpenID Connect application using the callback URI: https://prismic.io/sso/{your-email-domain.com}/callback.

To provide access to existing users, assign them to the Prismic application. New users can be invited directly from the Prismic repository.

Then, send the clientID, clientSecret, authorizeUrl, accessTokenURL, scope, profileURL, and userInfoUrl to your CSM using encrypted email or a one-time link.
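
As an added example (not part of Prismic's documentation or tooling), this Python pre-flight check reviews the values listed above before they are sent to the CSM: required fields, HTTPS endpoints, the openid scope, and an exact match on the callback URI. The function names, the `registered_redirects` argument (the redirect URIs you configured at the IdP), and the idp.example.com sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Field names as this page lists them for generic OAuth2 IdPs.
REQUIRED = ("clientID", "clientSecret", "authorizeUrl", "accessTokenURL",
            "scope", "profileURL", "userInfoUrl")
URL_FIELDS = ("authorizeUrl", "accessTokenURL", "profileURL", "userInfoUrl")


def expected_callback(email_domain):
    """Fill the page's callback pattern with the company email domain."""
    return f"https://prismic.io/sso/{email_domain.strip().lower()}/callback"


def check_handoff(values, registered_redirects, email_domain):
    """Return a list of problems; values are never echoed, so it is safe to log."""
    problems = [f"missing {k}" for k in REQUIRED if not str(values.get(k, "")).strip()]
    for key in URL_FIELDS:
        raw = str(values.get(key, "")).strip()
        if not raw:
            continue  # already reported as missing
        url = urlsplit(raw)
        if url.scheme != "https" or not url.hostname:
            problems.append(f"{key} is not an absolute https URL")
        elif url.username or url.password or url.fragment:
            problems.append(f"{key} carries userinfo or a fragment")
    if values.get("scope") and "openid" not in str(values["scope"]).split():
        problems.append("scope lacks openid")
    want = expected_callback(email_domain)
    if want not in registered_redirects:
        problems.append("callback URI is not registered exactly")
    extra = [u for u in registered_redirects if u != want]
    if extra:
        problems.append(f"{len(extra)} unexpected redirect URI(s) registered")
    return problems


# Constructed sample: idp.example.com and all values below are placeholders.
SAMPLE = {
    "clientID": "prismic-sso-client",
    "clientSecret": "PLACEHOLDER-SECRET",
    "authorizeUrl": "https://idp.example.com/oauth2/v1/authorize",
    "accessTokenURL": "https://idp.example.com/oauth2/v1/token",
    "scope": "openid email profile",
    "profileURL": "https://idp.example.com/oauth2/v1/userinfo",
    "userInfoUrl": "https://idp.example.com/oauth2/v1/userinfo",
}

if __name__ == "__main__":
    for line in check_handoff(SAMPLE, [expected_callback("Example.com")], "example.com"):
        print("FIX:", line)
```

An empty result means the bundle is internally consistent; it does not confirm that the IdP itself is configured as described.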
