Roles
What roles come with Twenty by default?
What roles come with Twenty by default?
Twenty comes with an Admin and Member roles by default. You can create additional custom roles based on your team’s needs (e.g., Sales Rep, Manager, Read-Only User).
Can I delete the Admin role?
Can I delete the Admin role?
No, the Admin role cannot be deleted. There must always be at least one member assigned to the Admin role.
What happens when I delete a role?
What happens when I delete a role?
Any workspace member assigned to that role will be automatically reassigned to the default role.
How do I set a default role for new members?
How do I set a default role for new members?
Go to Settings → Roles, find the Default Role option, and select which role new members should automatically receive when they join.
Can I assign multiple roles to one user?
Can I assign multiple roles to one user?
No, each user can only have one role at a time. Create a custom role if you need a combination of permissions.
Permissions
What's the difference between object and field permissions?
What's the difference between object and field permissions?
- Object permissions: Control access to entire records (e.g., can see/edit/delete People records)
- Field permissions: Control access to specific fields within an object (e.g., can see but not edit the Salary field)
How do permission overrides work?
How do permission overrides work?
Permissions cascade from global to specific:
- All Objects sets the baseline for all objects
- Object-Level Permissions can override the global setting for specific objects
- Field-Level Permissions can override the object setting for specific fields
What do the different permission levels mean?
What do the different permission levels mean?
For objects:
- See Records: View records in lists and detail pages
- Edit Records: Modify existing records
- Delete Records: Soft-delete records (can be restored)
- Destroy Records: Permanently delete records
- See Field: View the field value
- Edit Field: Modify the field value
- No Access: Field is completely hidden
Can I restrict access to specific records (row-level permissions)?
Can I restrict access to specific records (row-level permissions)?
Row-level permissions will be available on the Organization plan by Q1 2026. This allows you to restrict access to specific records based on criteria (e.g., only see your own opportunities).
How do I make a field read-only for certain users?
How do I make a field read-only for certain users?
- Go to Settings → Roles
- Select the role
- Navigate to the object containing the field
- Set the field permission to See Field (without Edit Field)
Settings & Actions
What settings permissions are available?
What settings permissions are available?
You can control access to:
- API key generation
- Workspace preferences
- Role assignment
- Data model configuration
- Security settings
- Workflow management
What action permissions are available?
What action permissions are available?
You can control:
- Send Email: Ability to send emails from Twenty
- Import CSV: Ability to import data via CSV
- Export CSV: Ability to export data to CSV
SSO
Is SSO available on all plans?
Is SSO available on all plans?
No, SSO is a Premium feature available on the Organization plan only.
Which identity providers are supported?
Which identity providers are supported?
Twenty supports:
- SAML 2.0 (works with most enterprise identity providers)
- Google Workspace
- Microsoft Entra ID (formerly Azure AD)
What is Just-in-Time (JIT) provisioning?
What is Just-in-Time (JIT) provisioning?
With JIT provisioning, user accounts are automatically created in Twenty when someone logs in via SSO for the first time. They’re assigned the default role automatically.
Can I require SSO for all users?
Can I require SSO for all users?
Yes, once SSO is configured, you can disable password login for SSO users to enforce authentication through your identity provider.