Trio’s admin console supports flexible permission controls through custom access levels. These allow organizations to define specific roles with tailored visibility and actions across all modules in the platform. The "Add New Access" flow guides you through a 3-step process: naming the role, assigning permissions, and selecting users.

Begin by setting the identity and purpose of the new access level.

This foundational step ensures that all roles are purpose-driven and easily distinguishable.

Next, define the exact permissions this role should have across platform areas. Permissions are set per module and broken into actions such as View, Edit, Assign, Delete, or Action, depending on the resource.

You can grant permissions granularly depending on operational needs—for example, giving a role the ability to view devices and compliance, but restricting access to software or security settings.

Once permissions are configured, the final step is to assign the access level to specific individuals in your organization.

⚠️ Only users with active status and MFA configuration (if required by the organization) should be assigned roles that grant high-level actions such as un-enrollment, remote wipes, or profile edits.

Click "Save new access" to complete the setup. The new access level will now appear in the Access Levels tab under Settings > Access, where it can be viewed, edited, or assigned again in the future.

Creating tailored access levels allows your organization to enforce least privilege, improve auditability, and maintain clear separation of duties. Instead of over-permissioned users, each team member operates with the exact level of access they need—no more, no less.