# Accounts

AppControl can use either local accounts or SSO to authenticate users. The Accounts page is visible to users with the Platform Administrator role and can be used to manage accounts, roles, and SSO settings.

For more information about user roles and access to features in AppControl see the following:

{% content-ref url="/pages/Fcv2J6C2v9NkskvtjDnc" %}
[User Roles & Access](/overview/user-roles-and-access.md)
{% endcontent-ref %}

<details>

<summary>Accounts</summary>

The accounts tab provides an overview of all accounts currently configured in the AppControl. Use this overview to manage the roles that each user has. Note the following about user roles:

* The default user role is '**NoAccess**'. If you are using SSO you can configure the SSO user provisioning settings to use a different default role.
* There basic user role needed to use the complete feature set of AppControl is '**AppViewer**'. This role provides read-only access to all apps that a user has been configured to view. All users (including the Platform Administrator) must have this user role.
* A limited access role called '**PolicyViewer**' is also available. Use this role instead of the 'AppViewer role' if you want to limit the functionality of a user to only Policies and Insights.

</details>

<details>

<summary>Authorized Domains</summary>

Authorized domains is used for calculating user license metrics. When counting whether users are internal or external to your organization, AppControl uses the domains listed here. Add the domains that are internal to your organization so that the user metrics displayed on the AppControl dashboard are accurate.&#x20;

</details>

<details>

<summary>SSO</summary>

Depending on the authentication service you are using for AppControl (configured by setting the **MxOM\_Core.AuthenticationService** constant), additional settings will be available here.

* **Local.** There are no additional settings available.
* **Mendix SSO.** There are no additional settings available. Note: Mendix SSO only works if you have deployed AppControl to the Mendix Cloud.
* **SAML.** The standard Mendix SAML module is used. For further information on how to configure the SAML module please refer to the [Mendix SAML documentation](https://docs.mendix.com/appstore/modules/saml/).

</details>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.bluestorm.io/administration/system/accounts.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.