Use this API key for headless access to ContentIQ services. Once you have generated the key, copy it and store it somewhere safe, as you will not be able to retrieve it later. Generating a new API key will override any existing keys.
Manage tenant RBAC, service-account access, default roles, and content permissions. All changes require admin privileges and respect tenant isolation.
Surface system and custom roles fetched from the tenant RBAC document. System roles are read-only except for description updates.
| Name | Description | Updated | Actions |
|---|---|---|---|
| Roles will appear after loading tenant data. | |||
Create a role or retry loading the catalog.
| Service Account | Roles | Last Updated | Updated By | Actions |
|---|---|---|---|---|
| Assignments load when admin data is fetched. | ||||
Accounts without explicit assignments inherit the default roles.
Default role membership applies whenever an account has no explicit assignment. At least one role must remain selected (typically member).
Roles will display when the tenant document is loaded.
Key admin actions are logged locally to assist future audit trail integrations.
No admin actions logged yet.
Disconnect your connected third-party services. This will revoke access and require re-authentication to use these services again.
Configure Azure AD Single Sign-On to allow users to login with their Microsoft accounts and email addresses. This configuration is stored at your organization level and will be shared with all users from your company. New users who sign in via SSO will automatically inherit your organization's shared credentials (WXO, Milvus, etc.). You'll need to register an application in Azure AD and provide the following information.
Enter your Azure AD application registration details.
The Application (Client) ID from your Azure AD app registration.
The Directory (Tenant) ID from your Azure AD app registration. This will be used to match users from your Azure AD tenant to your organization's service account, enabling automatic credential inheritance.
Configure authentication settings and domain restrictions for your Azure AD application.
The client secret value from your Azure AD app registration. Leave empty to keep existing secret.
The redirect URI configured in your Azure AD app registration. This should match exactly.
Restrict SSO login to specific email domains. Enter one or more domains separated by commas.