
10 min read
Secure Admin Setup for Superhuman Docs
Enterprise admin best practices for controlling and enhancing security across your company.

Most features mentioned are only available on an Enterprise plan.
Customized security to fit your needs
We understand that the security of your data and your users is of utmost importance, and we are committed to partnering with you to ensure you are always in control. Instead of simply applying restrictions (which is possible), we recommend a granular approach, so you can make sure sharing and access within your Superhuman Docs workspace are customized for your needs and standards.What you’ll get:
- Security settings within your Enterprise plan
- Superhuman Docs' approach to security
- Recommendations for your settings

What you'll use:
- Org admin settings (Enterprise only)
- Workspace settings
- Admin API (Enterprise only)
A note about compliance
Superhuman Docs adheres to global privacy laws and security standards with measures in place to help you meet your compliance obligations. We are SOC 2 Type 2, GDPR, and CCPA compliant.
HIPAA compliance
Enterprise organizations can sign a Business Associate Agreement (BAA) for Superhuman Docs. At this time, some AI features are not covered under the BAA. Work is ongoing to bring those features into compliance with HIPAA requirements.
Your options, our recommendations
Member authentication and provisioning
Authentication & signing in with SSO
SSO, or “single sign-on," allows users to access multiple applications or websites via a single authentication source with enhanced security or user provisioning requirements. Enterprise customers can enable SAML 2.0 SSO for all managed domains in their organization. Superhuman Docs also offers alternative authentication options. Authentication Options: SSO (SAML), Google, Microsoft, Apple, magic link, and email. Recommendation: While any authentication method is better than none, we recommend setting up SAML SSO and disabling all other authentication mechanisms for your employees. SSO will not only help to secure your workspace but will also make Superhuman Docs more easily accessible to your employees. Learn more about setting up SSO for your organization.Provisioning with SCIM
SCIM (System for Cross-domain Identity Management) is a set of protocols that allow a third-party identity provider to manage users inside Superhuman Docs for your organization. This enables your identity provider to automatically provision and de-provision users and groups in Superhuman Docs, based on their roles and application assignments within your identity provider. Recommendation: Setting up SCIM makes onboarding and off-boarding users easier. With SCIM, you won’t have to worry about removing access to docs from former employees. SCIM also allows you to push groups defined by your identity provider to Superhuman Docs, which gives your users easy access to share docs and folders with groups rather than having to share with each individual. Learn more about configuring SCIM for provisioning in Superhuman Docs. Note: If your organization uses Google Groups to organize users and Okta to provision access, you can perform a one-time sync of Google Groups to Okta to get an initial import of Google Groups to Superhuman Docs. However, we recommend using SCIM. Learn more about how to push user groups to Superhuman Docs.Workspace setup
Admins
To manage your instance, Superhuman Docs has admin roles that can manage settings in both the organization and the workspace(s). You can learn about each role and what they can do here. Recommendation: We recommend you assign at least two Org Admins and two Workspace Admins (per workspace) to ensure coverage if another Admin is out of the office.Workspace creation
By default, Org Admins are the only role that can create workspaces within the organization. From here, they can assign Workspace Admins and Workspace Content Admins to help manage the workspace. The majority of our customers work out of one central workspace for easy collaboration, though some larger organizations might require separate workspaces for security reasons. Recommendation: Keep the toggle that allows users to create new workspaces turned off to prevent widespread creation of individual workspaces.Workspace membership assignment
There are two ways you can set rules for how members are assigned to workspaces within your organization:- Manage in Superhuman Docs (default)
- Manage via SAML assertions
Recommendation: Most organizations manage in Superhuman Docs. If you have more than one workspace, you might explore managing via SAML assertions.
- If you choose Manage in Superhuman Docs, we recommend you enable auto-join for the workspace you want all team members to join. Learn more.
- If you change to Manage via SAML assertions, this will override any existing auto-join rules. Learn more.
Set a default workspace (if appropriate)
The default workspace is designed to streamline and centralize org member access within your Superhuman Docs workspace(s). Establishing a default workspace will help you prevent the accidental creation of individual workspaces and ensure new and returning users are correctly placed. Recommendation: The default workspace is designed as a catch-all. It is suitable for the majority of Superhuman Docs enterprise customers, where there is one workspace that everyone should join. However, some organizations might have more complex workspace structures and membership requirements where the default might not be suitable. Learn more and assess if it’s right for you here.Enterprise advanced access control
Sharing of Docs, Packs, and Forms
Control how docs, Packs, and forms can be shared outside the organization. As an Org Admin, you can update your advanced sharing rules at any time from the organization settings console. You have three options to choose from:- Unrestricted.
- Invite-only external access.
- No external access.
Recommendation: We recommend choosing invite-only external access if you need to collaborate with users from external companies. If you do not need to collaborate with external users and only need to collaborate with employees within your company, then we recommend choosing no external access.
Doc transfers
All docs on Superhuman Docs require an owner. When a user is deactivated, their docs will become read-only after 7 days or until transferred to another Doc Maker. Org Admins have the option to:- Require Doc Makers to request a doc for admin approval before transfer (this is the default setting).
- Allow Doc Makers to self-claim a doc if they have edit access.
Pack security
Packs are powerful building blocks that connect your Superhuman doc to the apps you use every day—the tools you and your team use to communicate, code, and design. Because Packs connect to third-party apps and tools, most require additional authentication (read more about the security of Packs here). Org Admins and Org Packs Admins for teams on the Superhuman Docs Enterprise plan can either:- Allow all Packs to be used by all members (default state).
- Require admin approval and policies before installation.
Admin features to enhance your control
Audit log
For org admins on the Superhuman Docs Enterprise plan, the audit events dashboard is a powerful tool designed to help easily monitor and analyze all activity in your organization. This dashboard provides a centralized view of actions users have taken within Superhuman Docs. Org admins can use this information to identify potential security risks, such as unexpected access attempts, and to help ensure compliance with your organization's policies. Learn more about the audit events dashboard. Enterprise accounts can also integrate Superhuman Docs audit events into their SIEM (Security Information and Event Management) systems using Superhuman Docs Audit API.Doc access
See which docs in your workspaces have been shared with the public and change permissions or lock down access directly from the “Org doc” dashboard in your org settings. From this dashboard, you can update permissions on behalf of users at your organization. Learn more about controlling the sharing of docs and Packs.Superhuman Docs Admin API
The Superhuman Docs Admin API is a RESTful API that allows programmatic access to administrative reports and capabilities within Superhuman Docs. Enterprise admins can use the Admin API to view and modify policies, integrate with a DLP or e-discovery tool your company may use, view audit logs, and more. While you can find most usage information in your Members & Groups dashboard, the API allows you to dive deeper into what actions those users are taking within the workspace. We recommend using the Admin Pack. It's a UI layer for the Admin API that gives admins real-time information on users, docs, folders, Packs, and activity in their organization. The Pack allows you to view all of this info and make changes, right from a doc. Learn more about security features on Superhuman Docs.Advanced Security Settings
Several other policies can be configured for Enterprise customers either via your admin panel or Superhuman Docs support.- Manage in your admin panel: data export policy and idle session timeout.
- Contact support: inbound sharing policy, publishing policy, shared folder creation policy, and file upload policy.
Now what?
Security is just the start of what you can configure as an Admin. Check out these resources to go deeper:- Superhuman Docs for Enterprise: A guide for admins — a full walkthrough of setup, user management, and workspace configuration.
- Boost admin capabilities with our Admin API — how to use the Admin API and Admin Pack to manage your org programmatically.
- Admin's guide to managing doc transfers — what to do when doc owners leave your organization.
Was this helpful?
YesNo

