Enterprise

Enterprise Permissions Model

The enterprise permissions model in Blast Office gives administrators fine-grained control over what users and teams can do within the organization.

Policy Rules

Enterprise administrators can define policy rules that control:

• Filesystem access: Which directories users can read from and write to
• Internet access: Which domains and services the AI can reach
• Tool availability: Which AI tools (web search, Lua scripting, etc.) are enabled
• Feature access: Which application features are available to different roles

Enforcement Modes

Each policy can use a different enforcement mode:

Continue reading

Enterprise File System Access Controls

Blast Office allows enterprise administrators to control which files and directories the AI can access for each user and team.

Why Control Filesystem Access?

In enterprise environments, it’s important to ensure that the AI only accesses files that users are authorized to work with. Filesystem access controls help:

• Prevent accidental exposure of sensitive documents
• Comply with data classification policies
• Enforce separation of duties between teams

Configuring Access

Organization-Wide Defaults

1. Navigate to Organization Settings > Policies > Filesystem
2. Set the default filesystem access policy (enabled or disabled)
3. Define allowed and blocked directories

Team-Specific Policies

1. Navigate to Teams > [Team Name] > Policies
2. Override organization defaults for specific teams
3. Define directory allowlists and blocklists

User-Specific Overrides

For cases where individual users need different access:

Continue reading

Enterprise Internet Access Controls

Enterprise administrators can control whether and how the AI accesses the internet for features like web search and deep research.

Internet Access Settings

Internet access controls determine:

• Whether the AI can perform web searches
• Whether web-based research features are available
• Which external services the AI can reach

Configuring Internet Access

Organization-Wide Settings

1. Navigate to Organization Settings > Policies > Internet Access
2. Enable or disable internet access for AI features
3. Configure domain allowlists or blocklists if needed

Team-Level Overrides

Some teams may need different internet access policies. For example, a research team may need full web access while a team handling sensitive data should have it restricted.

Continue reading

Enterprise Organization Management

Blast Office provides comprehensive organization management for enterprise customers, powered by WorkOS for identity and access management.

Organization Structure

Organizations in Blast Office consist of:

• Users: Individual accounts that belong to the organization
• Teams: Groups of users that share policies and resources
• Roles: Predefined access levels assigned to users

Managing Users

Adding Users

1. Navigate to Organization Settings > Users
2. Click Invite User
3. Enter the user’s email address and assign a role
4. The user will receive an invitation to join the organization

Removing Users

1. Navigate to Organization Settings > Users
2. Find the user and click Remove
3. The user’s access is revoked immediately, but their personal data remains until they delete their account

Managing Teams

Creating Teams

1. Navigate to Organization Settings > Teams
2. Click New Team
3. Name the team and add members
4. Assign team-level policies

Team Policies

Teams can have their own policies that override organization defaults. This allows different groups to have appropriate access levels for their work.

Continue reading