Skip to main content
Back to Integration Docs
Enterprise Architectures

Organization, Roles & Multi-Tenancy

Understand how Plannorium Sign partitions sub-accounts, enforces Role-Based Access Control (RBAC), and guarantees complete cryptographic data isolation across tenants.

1. Sub-Account Contexts

Enterprise platforms can manage distinct organization contexts. Sub-accounts act as isolated environments with separate API keys, consent configurations, custom clinical branding, and independent webhook targets. Team members switch their active organization scope inside their Console account to transition contexts seamlessly.

2. Role-Based Access Control (RBAC)

Access permissions are securely evaluated against the user's active role. Scopes define the level of authorization:

System Roles & Authority Levels
RoleAccess LevelPermission Tags Checked
ownerFull account control, billing, BAA agreements*
adminManage configs, invite clinicians, view full audit logscontracts:*, consent:*, invite:*
memberCreate/send signature requests, review intake statecontracts:view, consent:view, consent:sign

3. Inviting Team Members

Administrators and owners can invite doctors, clinical coordinators, or administrative representatives to their organization sub-accounts. Invitations trigger a secure onboarding email flow containing context-scoped invitation tokens.

4. Multi-Tenant Security & Isolation

Because clinical security and HIPAA integrity require zero exposure of cross-organization entities, the system partitions every operation:

API Key Scoping

Every generated API key maps uniquely to its creator organization ID. Intercepted request headers querying resources outside the matching company context automatically return standard authorization errors.

Request Constraints

Data queries enforce organization boundary parameters on every transaction. Standard operations always filter queries by the authenticated organization context before executing read or write actions.

Security Guarantee

Plannorium Sign leverages separate organization lookup filters and strict CORS restrictions to guarantee that no organization, member, or developer can access or modify another entity's digital templates, signed agreements, or webhook logs.