update the docs

2026-01-10 07:27:57 -05:00 · 2026-01-08 16:39:19 -08:00
parent 0bf493b059
commit e2366b19e5
2 changed files with 55 additions and 9 deletions
--- a/apps/docs/content/docs/en/enterprise/index.mdx
+++ b/apps/docs/content/docs/en/enterprise/index.mdx
@@ -9,6 +9,28 @@ Sim Studio Enterprise provides advanced features for organizations with enhanced

 ---

+## Access Control
+
+Define permission groups to control what features and integrations team members can use.
+
+### Features
+
+- **Allowed Model Providers** - Restrict which AI providers users can access (OpenAI, Anthropic, Google, etc.)
+- **Allowed Blocks** - Control which workflow blocks are available
+- **Platform Settings** - Hide Knowledge Base, disable MCP tools, or disable custom tools
+
+### Setup
+
+1. Navigate to **Settings** → **Access Control** in your workspace
+2. Create a permission group with your desired restrictions
+3. Add team members to the permission group
+
+<Callout type="info">
+  Users not assigned to any permission group have full access. Permission restrictions are enforced at both UI and execution time.
+</Callout>
+
+---
+
 ## Bring Your Own Key (BYOK)

 Use your own API keys for AI model providers instead of Sim Studio's hosted keys.
@@ -61,15 +83,38 @@ Enterprise authentication with SAML 2.0 and OIDC support for centralized identit

 ---

-## Self-Hosted
+## Self-Hosted Configuration

-For self-hosted deployments, enterprise features can be enabled via environment variables:
+For self-hosted deployments, enterprise features can be enabled via environment variables without requiring billing.
+
+### Environment Variables

 | Variable | Description |
 |----------|-------------|
+| `ORGANIZATIONS_ENABLED`, `NEXT_PUBLIC_ORGANIZATIONS_ENABLED` | Enable team/organization management |
+| `ACCESS_CONTROL_ENABLED`, `NEXT_PUBLIC_ACCESS_CONTROL_ENABLED` | Permission groups for access restrictions |
 | `SSO_ENABLED`, `NEXT_PUBLIC_SSO_ENABLED` | Single Sign-On with SAML/OIDC |
 | `CREDENTIAL_SETS_ENABLED`, `NEXT_PUBLIC_CREDENTIAL_SETS_ENABLED` | Polling Groups for email triggers |

-<Callout type="warn">
-  BYOK is only available on hosted Sim Studio. Self-hosted deployments configure AI provider keys directly via environment variables.
-</Callout>
+### Organization Management
+
+When billing is disabled, use the Admin API to manage organizations:
+
+```bash
+# Create an organization
+curl -X POST https://your-instance/api/v1/admin/organizations \
+  -H "x-admin-key: YOUR_ADMIN_API_KEY" \
+  -H "Content-Type: application/json" \
+  -d '{"name": "My Organization", "ownerId": "user-id-here"}'
+
+# Add a member
+curl -X POST https://your-instance/api/v1/admin/organizations/{orgId}/members \
+  -H "x-admin-key: YOUR_ADMIN_API_KEY" \
+  -H "Content-Type: application/json" \
+  -d '{"userId": "user-id-here", "role": "admin"}'
+```
+
+### Notes
+
+- Enabling `ACCESS_CONTROL_ENABLED` automatically enables organizations, as access control requires organization membership.
+- BYOK is only available on hosted Sim Studio. Self-hosted deployments configure AI provider keys directly via environment variables.
--- a/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/settings-modal.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/settings-modal/settings-modal.tsx
@@ -92,7 +92,7 @@ type SettingsSection =
  | 'custom-tools'
  | 'workflow-mcp-servers'

-type NavigationSection = 'account' | 'subscription' | 'tools' | 'system'
+type NavigationSection = 'account' | 'subscription' | 'tools' | 'system' | 'enterprise'

 type NavigationItem = {
  id: SettingsSection
@@ -111,6 +111,7 @@ const sectionConfig: { key: NavigationSection; title: string }[] = [
  { key: 'tools', title: 'Tools' },
  { key: 'subscription', title: 'Subscription' },
  { key: 'system', title: 'System' },
+  { key: 'enterprise', title: 'Enterprise' },
 ]

 const allNavigationItems: NavigationItem[] = [
@@ -120,7 +121,7 @@ const allNavigationItems: NavigationItem[] = [
    id: 'access-control',
    label: 'Access Control',
    icon: ShieldCheck,
-    section: 'account',
+    section: 'enterprise',
    requiresHosted: true,
    requiresEnterprise: true,
    selfHostedOverride: isAccessControlEnabled,
@@ -159,7 +160,7 @@ const allNavigationItems: NavigationItem[] = [
    id: 'byok',
    label: 'BYOK',
    icon: KeySquare,
-    section: 'system',
+    section: 'enterprise',
    requiresHosted: true,
    requiresEnterprise: true,
  },
@@ -175,7 +176,7 @@ const allNavigationItems: NavigationItem[] = [
    id: 'sso',
    label: 'Single Sign-On',
    icon: LogIn,
-    section: 'system',
+    section: 'enterprise',
    requiresHosted: true,
    requiresEnterprise: true,
    selfHostedOverride: isSSOEnabled,