# Managing access Access in Peig operates at three levels — all independently controllable: | Level | What it controls | | ----------- | ---------------------------------------------------------- | | **User** | Whether the user's account is active or suspended | | **Device** | Whether a specific device is authorised to access services | | **Service** | Whether a user has access to a specific application | All three conditions must be true for access to be granted. *** ## Granting access to a service Access to each connected service must be explicitly granted per user. There is no "grant access to everything" option. ### Microsoft 365 and Google Workspace For provisioned integrations like Microsoft 365 and Google Workspace, user identities are synchronised automatically via their respective APIs. To grant access: 1. Open the user's profile in **Users & Access** 2. Under **Services**, find the application 3. Toggle it **on** The application icon immediately appears in the user's Peig dashboard. ### SAML applications (secondary providers) SAML-only applications have no provisioning — Peig has no way to automatically map a user to their account in the application. You must set a **Provider ID** to make this link manually. 1. Open the user's profile in **Users & Access** 2. Under **Services**, find the application 3. Click **Add Provider ID** and enter the user's identifier for that application — typically their email address for that service 4. Toggle the service **on** {% hint style="warning" %} For SAML applications, the Provider ID must be set before the user can authenticate. Without it, the toggle alone is not enough. {% endhint %} *** ## Revoking access to a service 1. Open the user's profile in **Users & Access** 2. Under **Services**, find the application 3. Toggle it **off** The application icon immediately disappears from the user's dashboard and access is blocked. The user's account and other service access rights are unaffected. *** ## Suspending a user Suspending a user immediately blocks access across all their devices and all services — without removing their account or access rights. 1. Open the user's profile in **Users & Access** 2. Click **Suspend User** To restore access, click **Unsuspend**. All access is restored immediately across all their registered devices. Use suspension for temporary situations — extended leave, security investigations, or while waiting to confirm a user's status. For permanent removal, see [Offboarding](/welcome-to-peig-documentation/admin-guide/offboarding.md). *** ## Suspending a device Suspending a device blocks access from that specific device only. The user's other devices and their account remain active. See [Managing Devices](/welcome-to-peig-documentation/admin-guide/managing-devices.md) for full details. *** ## Access visibility for users Users only see the services they have been granted access to in their Peig dashboard. Services that are toggled off — or services that exist in the workspace but have not been assigned to the user — are not visible to them at all. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.peig.io/welcome-to-peig-documentation/admin-guide/managing-access.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.