> ## Documentation Index
> Fetch the complete documentation index at: https://docs.granola.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Enterprise Settings

> Admin controls for Granola Enterprise workspaces. Security settings, user management, and compliance options.

# Managing Enterprise Admin Settings

## Enterprise Admin Settings let workspace admins control how data is used, how notes are shared, and which security policies apply across their organization.

## Where to find Enterprise Admin Settings

These controls live in **Settings → Workspace > General** and apply to the entire workspace.

<img src="https://mintcdn.com/granola-c3940166/G-hu2B7XctWAfKsc/help-center/assets/hca_01KB5JH0K5XJS3S31CMZ4NXH71/wFile_01KBQMRBQ0RWCVEEX4RC3668JB-7fd5908273.png?fit=max&auto=format&n=G-hu2B7XctWAfKsc&q=85&s=a2d31fcfa3f1d0a2ca4fe81d7e3b80ca" alt="image.png" width="1176" height="797" data-path="help-center/assets/hca_01KB5JH0K5XJS3S31CMZ4NXH71/wFile_01KBQMRBQ0RWCVEEX4RC3668JB-7fd5908273.png" />

## What you can do with Enterprise Admin Settings

As an enterprise admin, you can apply controls on:

* Configure how data from your workspace is used within Granola
* Define how notes and folders in your workspace can be shared via links
* Decide if users can move notes between workspaces in your domain
* Configure whether meeting summary emails are sent to the meeting creator

Contact us at [hey@granola.so](mailto:hey@granola.so "mailto:hey@granola.so") with help on:

* Enable sign-in with SSO (single sign-on)
* Set up data retention for transcripts in your workspace
* Request usage data for your workspace

***

## Enforcing SSO-only login

Enterprise admins can require all users to sign in through SSO by disabling OAuth login methods (such as Google sign-in). Once OAuth login is disabled, users must authenticate through your configured identity provider to access Granola.

This is typically used alongside domain capture to ensure that all users on your domain both join the correct workspace and authenticate through your organization's identity provider.

SSO-only login is not self-service. Contact us at [hey@granola.so](mailto:hey@granola.so "mailto:hey@granola.so") to get started.

***

## New user onboarding with SSO

When domain capture and SSO are enabled, there is no need to create user accounts manually. New users are created when they first sign into Granola through your identity provider. During the onboarding flow, they are directed to join your Enterprise workspace.

***

## SCIM provisioning

SCIM (System for Cross-domain Identity Management) allows you to sync users between your identity provider and Granola. With SCIM enabled, user accounts are automatically created, updated, and deactivated based on changes in your identity provider.

SCIM syncs user groups but does not automatically provision users who were created in Granola before SCIM was enabled. Existing users need to be provisioned separately in your identity provider's SCIM configuration.

Contact us at [hey@granola.so](mailto:hey@granola.so "mailto:hey@granola.so") to get set up.

***