What this guide covers
person.run supports organization-scoped access through Clerk Organizations. This gives you one place to manage membership, roles, and SAML SSO for enterprise workspaces.
- Organization-aware workspace resolution in the dashboard and API proxy layer.
- Role-based access control (Owner, Admin, Editor, Viewer) in person.run.
- Membership and role synchronization from Clerk organization events.
- SAML SSO for enterprise identity providers configured in Clerk.
Prerequisites
- A person.run workspace on a plan that includes enterprise access controls.
- Clerk Organizations enabled for your environment.
- An identity provider that supports SAML (Okta, Entra ID, Google Workspace, etc.).
- An admin user with permission to manage organization settings.
Role model
Clerk organization roles map into person.run workspace permissions. Use this mapping to decide who can administer access versus who can run day-to-day research workflows.
| person.run role | Typical access |
|---|---|
owner | Full workspace control, including billing and governance |
admin | Manage members, roles, and safety policy settings |
editor | Create and update personas, studies, and prompts |
viewer | Read-only access to workspace resources |
Setup flow
- Create or select your Clerk organization for the target workspace.
- Invite members and assign initial organization roles.
- Enable SAML SSO in Clerk for that organization.
- Have users sign in through SSO and select the organization in the dashboard scope switcher.
- Confirm team role assignments in /dashboard/team.
Operational notes
TipUse one organization per workspace for the cleanest tenant boundary and easiest audit trail.
NoteIf a user belongs to multiple organizations, they can switch workspace scope in the dashboard using the organization switcher.
WarningSCIM provisioning is not currently available in person.run and should be treated as roadmap.