Portal Community

Access Control Model

// Access check at chat session start:
public async Task<IReadOnlyList<AgentArea>> GetAccessibleAreasAsync(
    string userId, Guid tenantId, CancellationToken ct)
{
    // User group membership comes from JWT claims (populated by IdP).
    // The authentication middleware has already validated the token; only
    // claims from a validated token may be trusted here.
    // TryParse, not Parse: a malformed or non-GUID claim is skipped instead of
    // throwing and failing the whole session start.
    var userGroups = new List<Guid>();
    foreach (var claim in _httpContext.User.FindAll("group_id"))
    {
        if (Guid.TryParse(claim.Value, out var groupId))
            userGroups.Add(groupId);
    }

    // No group claims means no area can match; skip the database round trip.
    if (userGroups.Count == 0)
        return Array.Empty<AgentArea>();

    // Areas the user can access = active areas of this tenant with at least one
    // matching user group. Tenant scoping is part of the query, never applied afterwards.
    return await _db.Areas
        .Where(a => a.TenantId == tenantId
                 && a.IsActive
                 && a.UserGroups.Any(g => userGroups.Contains(g.GroupId)))
        .ToListAsync(ct);
}

Assigning Users to an Area

// Via API: assign a user group to an area
POST /api/octopus/areas/{areaId}/user-groups
Authorization: Bearer {areaAdminToken}

{
  "userGroupIds": [
    "group_all_employees",
    "group_hr_managers"
  ]
}

// Via admin UI: Area settings → Access Control → Add User Group

// User groups are typically sourced from your Identity Provider (Azure AD, Okta, etc.)
// and appear as JWT group claims in the user's token.

Access Roles Within an Area

Role                 | Permissions                                                              | Typical Assignment
---------------------|--------------------------------------------------------------------------|----------------------------------
Area User            | Chat with area agents; view own conversation history                     | All employees in the area
Area Admin           | Manage area agents, knowledge, tools; view all conversations in the area | Department head, IT administrator
Octopus Tenant Admin | Manage all areas and agents; billing; tenant configuration               | Platform administrator
OctopusDebug         | Access Context Inspector; view system prompts                            | Developers, trusted admins
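The table makes Area Admin a per-area role and Tenant Admin the only role that spans areas, which is what the assignment endpoint above has to enforce: the bearer token proving "Area Admin somewhere" is not enough, the caller must be Area Admin of the `{areaId}` in the URL. The following is an added illustration of that check and is not the project's own code; `AreaRole`, `Caller`, `Area`, `AssignOutcome` and `AreaUserGroupAssignment` are names assumed for this example, and the role model is simplified to what this page documents.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Roles from the table above. The enum, the Caller shape and the Area stand-in are
// assumptions made for this example, not the project's real types.
public enum AreaRole { AreaUser, AreaAdmin, OctopusTenantAdmin, OctopusDebug }

// What the endpoint knows about the caller once the bearer token has been validated.
// Area roles are keyed by area id: "Area Admin" only ever means "Area Admin of area X".
public sealed record Caller(
    string UserId,
    Guid TenantId,
    IReadOnlyDictionary<Guid, AreaRole> AreaRoles,
    bool IsTenantAdmin);

public sealed class Area
{
    public Guid Id { get; init; }
    public Guid TenantId { get; init; }
    public HashSet<string> UserGroupIds { get; } = new(StringComparer.Ordinal);
}

public enum AssignOutcome { Ok, Forbidden, BadRequest, NotFound }

public static class AreaUserGroupAssignment
{
    // Models the server side of POST /api/octopus/areas/{areaId}/user-groups.
    // Every decision is made against the areaId from the URL, never against a role
    // the token merely claims to hold somewhere in the tenant.
    public static AssignOutcome Assign(
        Caller caller,
        IReadOnlyDictionary<Guid, Area> areas,
        Guid areaId,
        IReadOnlyList<string> userGroupIds)
    {
        // 1. Resolve the target within the caller's tenant. Areas of other tenants are
        //    reported as NotFound, not Forbidden, so their existence is not confirmed.
        if (!areas.TryGetValue(areaId, out var area) || area.TenantId != caller.TenantId)
            return AssignOutcome.NotFound;

        // 2. Object-level authorization: Tenant Admin manages every area in the tenant;
        //    anyone else must hold Area Admin on THIS area. Area User is never enough.
        var isAdminOfThisArea =
            caller.AreaRoles.TryGetValue(areaId, out var role) && role == AreaRole.AreaAdmin;
        if (!caller.IsTenantAdmin && !isAdminOfThisArea)
            return AssignOutcome.Forbidden;

        // 3. Validate the body only after authorization, so unauthorised callers learn
        //    nothing about what the validator accepts.
        if (userGroupIds.Count == 0 || userGroupIds.Any(string.IsNullOrWhiteSpace))
            return AssignOutcome.BadRequest;

        // 4. Idempotent add: re-posting the same groups leaves the set unchanged.
        foreach (var id in userGroupIds)
            area.UserGroupIds.Add(id);

        return AssignOutcome.Ok;
    }

    // Constructed scenario: two areas in one tenant, an HR area admin, an HR area user
    // and a tenant admin, each attempting the assignment.
    public static void Main()
    {
        var tenant = Guid.NewGuid();
        var hr = new Area { Id = Guid.NewGuid(), TenantId = tenant };
        var finance = new Area { Id = Guid.NewGuid(), TenantId = tenant };
        var areas = new Dictionary<Guid, Area> { [hr.Id] = hr, [finance.Id] = finance };

        var hrAdmin = new Caller("alice", tenant,
            new Dictionary<Guid, AreaRole> { [hr.Id] = AreaRole.AreaAdmin }, IsTenantAdmin: false);
        var hrUser = new Caller("bob", tenant,
            new Dictionary<Guid, AreaRole> { [hr.Id] = AreaRole.AreaUser }, IsTenantAdmin: false);
        var tenantAdmin = new Caller("carol", tenant,
            new Dictionary<Guid, AreaRole>(), IsTenantAdmin: true);
        var groups = new[] { "group_hr_managers" };

        Console.WriteLine($"hr admin -> hr area:       {Assign(hrAdmin, areas, hr.Id, groups)}");
        Console.WriteLine($"hr admin -> finance area:  {Assign(hrAdmin, areas, finance.Id, groups)}");
        Console.WriteLine($"hr user -> hr area:        {Assign(hrUser, areas, hr.Id, groups)}");
        Console.WriteLine($"tenant admin -> finance:   {Assign(tenantAdmin, areas, finance.Id, groups)}");
        Console.WriteLine($"hr admin -> unknown area:  {Assign(hrAdmin, areas, Guid.NewGuid(), groups)}");
    }
}
```

The scenario in `Main` is the one to keep in mind when reviewing the real handler: the HR admin succeeds on the HR area and is refused on the finance area, the HR user is refused everywhere, and only the tenant admin succeeds on an area nobody made them admin of. Ordering also matters: tenant scoping first, then the per-area role, then body validation.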

Anonymous (Public) Areas

An area can be configured as public, meaning it is reachable without authentication. Because no JWT is presented, the group-claim check above cannot apply: anyone who can reach the endpoint can chat with the area's agents. This is useful for public-facing chatbots:

// PATCH /api/octopus/areas/{areaId}
{
  "isPublic": true  // No JWT required; UserComposite is populated as anonymous
}

// In public mode:
// - UserId = "anonymous_{sessionId}"
// - EpisodicMemory.Enabled defaults to false (no cross-session memory for anonymous)
// - Tool handlers must treat anonymous users with minimal trust
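What "minimal trust" can look like inside a tool handler, as an added example that is not the platform's own code. `UserComposite` is modelled here with only the members the example needs (its real shape is not documented on this page), and the `ToolTrust` taxonomy, `ToolGate`, `ToolHandler` and the sample tools are assumptions. The gate applies two rules: anonymous callers may only invoke read-only public tools, and no caller, anonymous or not, may supply identity through tool arguments; identity always comes from the `UserComposite` the platform populated.

```csharp
using System;
using System.Collections.Generic;

// Stand-in for the platform's UserComposite with only the members this example needs;
// the real type's shape is not documented on this page.
public sealed record UserComposite(string UserId, Guid TenantId, Guid AreaId, bool IsAnonymous)
{
    // Matches the page: in public mode UserId is "anonymous_{sessionId}". The id is
    // per session, so nothing derived from it can be assumed to persist across sessions.
    public static UserComposite Anonymous(Guid tenantId, Guid areaId, string sessionId) =>
        new($"anonymous_{sessionId}", tenantId, areaId, IsAnonymous: true);
}

// Assumed trust taxonomy for tools. Anything above ReadOnlyPublic needs a caller
// whose identity the IdP has vouched for.
public enum ToolTrust
{
    ReadOnlyPublic,   // e.g. FAQ lookup over the area's public knowledge
    ReadsUserData,    // e.g. "show my tickets": results are scoped to a real identity
    SideEffecting     // e.g. create a ticket: needs an accountable identity
}

public delegate string ToolHandler(UserComposite user, IReadOnlyDictionary<string, string> args);

public sealed record ToolDefinition(string Name, ToolTrust Trust, ToolHandler Handler);

public sealed record ToolResult(bool Allowed, string Output);

public static class ToolGate
{
    // Keys a caller (or a prompt-injected model) might use to smuggle an identity
    // into a tool call. Identity comes from UserComposite, never from arguments.
    private static readonly string[] IdentityKeys = { "userId", "email", "tenantId", "areaId" };

    public static ToolResult Invoke(ToolDefinition tool, UserComposite user, IReadOnlyDictionary<string, string> args)
    {
        // Rule 1: anonymous callers get read-only public tools and nothing else.
        if (user.IsAnonymous && tool.Trust != ToolTrust.ReadOnlyPublic)
            return new ToolResult(false, $"tool '{tool.Name}' is not available to anonymous users");

        // Rule 2: strip identity-bearing arguments for every caller, case-insensitively,
        // so a handler cannot be steered into acting on someone else's data.
        var safeArgs = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        foreach (var kv in args)
        {
            if (Array.Exists(IdentityKeys, k => k.Equals(kv.Key, StringComparison.OrdinalIgnoreCase)))
                continue;
            safeArgs.TryAdd(kv.Key, kv.Value);
        }

        return new ToolResult(true, tool.Handler(user, safeArgs));
    }

    // Constructed tools and calls showing the gate from both sides.
    public static void Main()
    {
        var tenant = Guid.NewGuid();
        var area = Guid.NewGuid();

        var faq = new ToolDefinition("faq_lookup", ToolTrust.ReadOnlyPublic,
            (u, a) => a.TryGetValue("question", out var q) ? $"FAQ answer for: {q}" : "no question given");
        var myTickets = new ToolDefinition("my_tickets", ToolTrust.ReadsUserData,
            (u, a) => $"tickets for {u.UserId}");   // scoped by the vouched-for identity only
        var createTicket = new ToolDefinition("create_ticket", ToolTrust.SideEffecting,
            (u, a) => $"ticket created by {u.UserId}");

        var anon = UserComposite.Anonymous(tenant, area, "c0ffee");
        var employee = new UserComposite("alice@example.test", tenant, area, IsAnonymous: false);

        // Constructed argument set that tries to redirect a lookup to another user.
        var smuggled = new Dictionary<string, string>
        {
            ["question"] = "opening hours",
            ["UserId"] = "bob@example.test"
        };

        Console.WriteLine($"anon faq_lookup:     {Invoke(faq, anon, smuggled)}");
        Console.WriteLine($"anon my_tickets:     {Invoke(myTickets, anon, smuggled)}");
        Console.WriteLine($"anon create_ticket:  {Invoke(createTicket, anon, smuggled)}");
        Console.WriteLine($"employee my_tickets: {Invoke(myTickets, employee, smuggled)}");
    }
}
```

Running the scenario shows the anonymous session reaching only the FAQ tool, and the employee's ticket lookup staying bound to alice even though the arguments named bob. Keeping `EpisodicMemory.Enabled` at its anonymous default of false fits the same model: a per-session `anonymous_{sessionId}` identity gives a handler nothing durable to key memory or authorization on.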