Skip to main content

Plan Your Organization Setup

Before inviting users, configure the organization-level settings that affect the whole tenant. In Siesta AI, this planning happens mostly in Organization, then continues in Users, Teams, Connections, and Security.

What to Decide First

  • Who owns the Siesta AI organization and can approve access changes.
  • Which departments, projects, clients, or business units need separate teams.
  • Whether user access should be synchronized from Microsoft Entra ID.
  • Whether users should be linked to the organization by approved email domains.
  • Which tools should be available globally and which should be limited.
  • Which workflows are safe for broad use and which need a pilot group first.
  • Which data sources contain sensitive or regulated information.

Organization Settings to Review

Open Organization and review each tab before rollout:

  • General: check the current plan, subscription details, token consumption, and basic organization identity.
  • Api Keys: create named keys only for known integrations. Use Create New Key, copy the value once, and delete unused keys.
  • SSO Config: configure Microsoft or Google SSO with Tenant ID, Client ID, Client Secret, and redirect URLs.
  • Settings: choose default transcription AI, decide whether Enable Recordings should be on, and use Sync Microsoft Entra Groups after Microsoft SSO is configured.
  • Security: review allowed authentication methods, retention rules, anonymization in AI, and sharing rules for conversations and recordings.

Review token budgets in Connections for model connections that need daily or weekly limits by organization, user, or team.

What Can Wait

Do not block the first rollout on every technical detail. Endpoint payloads, realtime WebSocket behavior, all audit event types, model cost trade-offs, prompt shield internals, and connection-specific reference details can wait until a team needs that capability.

For the first launch, decide who owns the organization, how users join, which teams exist, which shared connections are approved, which agents are safe to use, and where admins will review Tool Executions and Audit Log.

Identity and Domain Access

Decide early how users should become part of the organization. Siesta AI can be planned around direct invitations, Microsoft Entra ID synchronization, or domain-based organization linking.

With Microsoft Entra ID synchronization, administrators can align Siesta AI access with the identity and access model already used in Microsoft environments. This is useful when user lifecycle, group membership, and access governance should follow the organization's central identity provider.

Domain-based linking can be used when people with an approved company email domain should be associated with the organization. Multiple domains can be configured when the organization uses several email domains. Because domain linking affects who can join or be associated with the organization, coordinate this setup with Siesta AI technical support before enabling it.

Suggested Rollout

Start with a small pilot team that includes one admin, one business owner, and a few users who understand the target workflows. Create only the required connections, such as Google Drive, Gmail, Slack, Jira, HubSpot, Google Calendar, SharePoint, Azure Storage, or a REST API connection. After the first successful agents and workflows are reviewed, expand team by team.

Avoid creating one shared workspace for everyone unless all users can safely access the same tools, data, and agents. A smaller team structure is easier to govern and audit.

Naming Conventions

Use names that explain ownership and purpose. For example, use Marketing - Production, Finance - Reporting, or Client A - Support instead of generic names like Team 1.

Common Mistakes

  • Inviting users before tool access is planned.
  • Sharing high-permission API keys with too many teams.
  • Creating agents before deciding which data they can use.
  • Treating test connections as production connections.
  • Enabling domain-based linking before confirming all allowed domains with technical support.
  • Syncing Microsoft Entra groups before checking SSO configuration and group ownership.