PrimeAssist
// operator access policy

When platform operators can see your tenant — and the rules around it.

PrimeAssist operates a strict operator console. Support requires seeing a tenant; security requires not seeing more than necessary, and never without a record. This page documents the rules. The impersonation banner in your dashboard links here so you can verify the policy at the moment it matters.

// the six rules

Six rules bound every operator session against your tenant.

  1. Operators cannot enter a tenant without a documented reason.

    Every impersonation session is opened with a reason field. The reason is captured on the operator-org audit log and on the impersonated tenant's audit log. Sessions without a reason cannot be opened.

  2. Sessions are time-bounded and short.

    An impersonation JWT expires after one hour. There is no refresh mechanism. To continue past the window, the operator opens a new session, which writes a new audit-log entry.

  3. Every impersonated action is attributed in your audit log.

    When an operator acts inside your tenant, the audit log row records actor_type=operator_impersonating with both the operator identity and the impersonated user identity. Filtering your audit log on this actor type yields the complete operator activity history.

  4. You can end an active session from your dashboard.

    An active impersonation surfaces as a persistent banner across the tenant dashboard. The banner names the operator, the reason, and the expiry timestamp. A single click on the banner ends the session immediately and writes the termination to the audit log.

  5. Operator logins are MFA-enforced.

    The platform operator Auth0 organization enforces MFA on every login. An operator cannot disable MFA on their own account; only an org-admin can adjust the policy, and the change writes to the operator-org audit log.

  6. Operator changes to billing, retention, or roles are restricted.

    Even during an impersonation session, the operator scope cannot rotate the tenant's API keys, alter billing plans without an approved upgrade request, or transfer ownership of the tenant. These actions remain admin-only inside the tenant.

// in your dashboard

What this looks like in your dashboard.

When a PrimeAssist operator opens an impersonation session against your tenant, the dashboard renders a persistent banner across the top of every page. The banner shows:

  • The operator's identity (email and operator role).
  • The reason recorded when the session opened.
  • The expiry timestamp in your local timezone.
  • A single button to end the session immediately.

Ending the session does not require an admin role — any tenant user with access to the dashboard can end an active impersonation. The termination is logged with the user identity that ended it.

Finding operator activity after the fact

Operator activity is queryable in your audit log. Filter by actor_type=operator_impersonating to see the complete history — opened sessions, every action taken inside the session, and the close event with the close reason (expiry, manual termination, or operator logout).
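
A tenant-side check of the rules above against an exported audit log, as an added example that is not PrimeAssist code. It assumes a JSON Lines export; only actor_type=operator_impersonating comes from this policy, and every other field name, event name, and close-reason spelling is an assumption to adapt to the real export.

```python
import json
from datetime import datetime, timedelta

MAX_SESSION = timedelta(hours=1)  # rule 2: sessions expire after one hour
# Assumed spellings for the three close reasons the policy names.
CLOSE_REASONS = {"expiry", "manual_termination", "operator_logout"}

# Constructed sample export (JSON Lines). Only actor_type and its value come
# from the policy; every other field name and value is an assumption.
SAMPLE = """
{"ts":"2024-05-01T09:00:00+00:00","actor_type":"operator_impersonating","event":"session_opened","session_id":"s1","operator":"op1@example.com","impersonated_user":"u7","reason":"ticket 1234"}
{"ts":"2024-05-01T09:10:00+00:00","actor_type":"operator_impersonating","event":"action","session_id":"s1","operator":"op1@example.com","impersonated_user":"u7"}
{"ts":"2024-05-01T09:20:00+00:00","actor_type":"operator_impersonating","event":"session_closed","session_id":"s1","close_reason":"manual_termination"}
{"ts":"2024-05-01T09:30:00+00:00","actor_type":"user","event":"login","user":"u7"}
{"ts":"2024-05-01T10:00:00+00:00","actor_type":"operator_impersonating","event":"session_opened","session_id":"s2","operator":"op2@example.com","impersonated_user":"u3","reason":""}
{"ts":"2024-05-01T11:30:00+00:00","actor_type":"operator_impersonating","event":"action","session_id":"s2","operator":"op2@example.com","impersonated_user":"u3"}
{"ts":"2024-05-01T12:00:00+00:00","actor_type":"operator_impersonating","event":"action","session_id":"s3","operator":"op2@example.com","impersonated_user":"u3"}
"""

def review(jsonl):
    """Return (session_id, finding) pairs for operator rows that break the rules."""
    rows = [json.loads(line) for line in jsonl.splitlines() if line.strip()]
    rows = [r for r in rows if r.get("actor_type") == "operator_impersonating"]
    rows.sort(key=lambda r: datetime.fromisoformat(r["ts"]))
    opened, closed, findings = {}, set(), []
    for r in rows:
        sid, ts = r["session_id"], datetime.fromisoformat(r["ts"])
        if r["event"] == "session_opened":
            opened[sid] = ts
            if not (r.get("reason") or "").strip():
                findings.append((sid, "opened without a reason"))
        elif sid not in opened:
            findings.append((sid, "activity without an open event"))
        elif sid in closed:
            findings.append((sid, "activity after the close event"))
        else:
            if ts - opened[sid] > MAX_SESSION:
                findings.append((sid, "activity past the one-hour window"))
            if r["event"] == "session_closed":
                closed.add(sid)
                if r.get("close_reason") not in CLOSE_REASONS:
                    findings.append((sid, "unexpected close reason"))
    findings += [(s, "no close event") for s in opened if s not in closed]
    return findings

if __name__ == "__main__":
    for sid, finding in review(SAMPLE):
        print(sid, finding)
```

A "no close event" finding also appears for a session that is still active when the export is taken, so compare it against the banner before escalating.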

// go deeper

The full security posture sits behind this policy.

Operator access is one operational control among many. The security page documents authentication, authorization, encryption, and audit in full.