Access control for Torq Interact enables workflow builders to define exactly which users, roles, or external SSO identities are allowed to access and execute an Interaction Flow. Key benefits include:
Least-Privilege Control: Ensure only authorized users can access and execute Interaction Flows.
Stronger Security & Compliance: Apply granular controls that support secure, auditable operations.
Safe End-User Access: Ensure secure engagement with Interaction Flows across internal teams, external users.
Flexible access for Torq Interact
Torq Interact permissions let you tailor exactly who can access and execute each Interaction Flow, with optional custom roles for fine-grained least-privilege control. Access patterns include:
MSSPs can use Torq Interact permissions to separate access between customers and internal teams. For example, customers get only onboarding flows, analysts get triage/investigation flows, and admins see everything, supporting secure multi-tenant operations.
Enterprises can scope Interactions by team and function: business users get request flows, security teams get IR flows, and external users get vendor-specific flows via SSO.
How to use
Access control in Torq Interact enables workflow builders to precisely control who can access and execute Interaction Flows. Once configured, these rules ensure only approved users or external SSO users can interact with the flow in any context.
Open the Interaction Flow settings: Click Flow Settings, and in the Interaction Flow Settings modal, scroll down to Access control.
Configure workspace user access: In the General Access section, click Workspace users and choose which workspace users can access or run the Interaction Flow:
All (default): Allow all users configured in the workspace to run the Interaction Flow.
Selected (by email addresses or roles): Grant access using any of the following methods (you can also combine manual selections with context references):
Specific email addresses
Workspace roles (built-in or custom). Note that custom roles aren’t supported when sharing this workflow.
for Interaction flow starting in the middle of the workflow, context references containing arrays of either users or roles.
The Owner role is always included automatically.
When using a context reference, always pass an array (even for a single value). Each array must contain only emails or only roles, don’t mix types.
You can use multiple context references.
3. Configure external SSO user access: In the In the General Access section, click
External SSO users and, specify which external SSO identities are allowed to
access the Interaction Flow:
None (default): No external SSO users can access.
All: Any valid external SSO identity may access.
Selected by email addresses: Only specified external identities may access.
All combinations of workspace user access + external SSO access are fully supported.
The video below shows how to combine roles, email addresses, and context references when configuring workspace user access.
Priority and access behavior
Workspace membership or SSO-application access always takes priority. A user listed in permissions must still have platform or SSO access to access or interact with the Interaction Flow.
For example:
Users added by email who are not members of the workspace won’t be able to access the Interaction Flow
Access granted in the Interact settings cannot override SSO restrictions; users denied through SSO won’t have access.
In-product access
Access to Torq Interact through the sidebar or within Cases (User Input Tasks) follows the general workflow access settings, as explained above. For example, if you restrict access to the Owner role only, analysts won’t see the Interaction in the sidebar and won’t be able to open it inside Cases.
Sharing and access considerations
Custom roles
Custom roles don’t carry over to the destination workspace, as each workspace maintains its own unique set of custom roles.
Email-based access
Users added by email who are not part of the destination workspace will not have access. Their email will still appear in the selected list, but they will only gain access if:
They are members of the destination workspace, or
They are included in the Torq app within the SSO provider and external SSO access is enabled in the Interaction Flow settings.
Passing arrays of emails via workspace variables
This functionality is currently supported only for Interaction Flows that start in the middle of the workflow. It is not yet available for trigger-based Interactions.
Interact Only role
If you grant Interact Only access in a workspace, we recommend reviewing and updating access control across all Interaction Flows to ensure the right users can engage with them.