1. Pipe17 Help Center
  2. Organizations & Access
  3. Support Consent

Support Access Consent: How Pipe17 Protects Your Environment

Pipe17 Support Manager

Support access consent gives you direct control over the level of access Pipe17 support staff have in your environment. You decide what support staff can and cannot do when they enter your organization to help you, which keeps your data protected and supports your compliance requirements.

All support access is temporary by default and logged for audit purposes.

How it works

Your organization profile includes a Support access consent setting. This setting determines the maximum level of access any Pipe17 support staff receive when they enter your environment to assist you.

The consent flow is straightforward:

  1. You choose a consent level in Settings → Profile. Read-Only is the default for all organizations.
  2. When you need support, the Pipe17 agent receives a temporary role that matches your chosen consent level.
  3. Access expires automatically after 5 calendar days, and the agent is removed from your environment. If you need ongoing support, a new session must be started, subject to your current consent level.
  4. You can change your consent at any time. Lowering or revoking consent takes effect for all future access sessions.

Consent levels

Each consent level determines what Pipe17 support staff can do when they access your environment.

Consent level What support staff can do When to use
Block all access No Pipe17 employee can access your environment for support. You want no external access at all. This may limit the support team's ability to troubleshoot issues on your behalf.
Read-Only View all configurations, integrations, mappings, orders, and data. Cannot make any changes. Standard support. Pipe17 can diagnose issues by reviewing your configuration but must ask you to make changes.
Limited Edit (also called Enhanced) (default) Everything in Read-Only, plus: create, update, and manage custom mappings; run integration actions (for example, re-pull orders); update integration settings; create and manage jobs. Active troubleshooting. You trust Pipe17 to make limited, targeted changes to resolve issues faster.
Full Access Equivalent to your Administrator role. Full create, read, update, and delete access on all entities. Comprehensive hands-on support, complex configuration changes, or when you want Pipe17 to manage tasks end to end.
Inherit from parent Uses the same consent level as the parent organization. Only visible for secondary organizations in a multi-org setup. Multi-org or OEM environments where you want consistent policies across child organizations.

All existing and new organizations are set to Read-Only by default. You do not need to take any action unless you want to change this.

Managing your consent

Changing your consent level

Any administrator in your organization can change the consent level at any time:

  1. Navigate to Settings → Profile in the app.
  2. Locate the Support access consent section.
  3. Select your preferred consent level. The change takes effect for all future support sessions.

Granting extended access to individuals

The consent level sets a broad policy for all Pipe17 support staff. You can also grant individual access to a specific Pipe17 employee that goes beyond your consent level:

  1. Go to User management in the app.
  2. Select Invite user and enter the Pipe17 employee's email address.
  3. Choose the role to assign (for example, Administrator) and set an expiry date.

The invited user keeps the role and access you selected until the expiry date. You can remove them at any time. This is the recommended approach for onboarding projects, solution architect engagements, or any scenario that requires extended, elevated access.

What to expect

  • No action is needed on your part. Your organization is already set to the default.
  • Support workflows continue as before. The support team can still view your configurations to diagnose issues.
  • If support needs to make changes on your behalf, they will ask you to upgrade your consent level to Limited Edit or Full Access, or to invite them individually with the appropriate role.
  • All support access is temporary and expires automatically after 5 calendar days.
  • You can view active support users in User management and remove them at any time.

Frequently asked questions

  • What is the default consent level?
    Read-Only. This is set automatically for all existing and new organizations. With Read-Only, Pipe17 support staff can view your configurations and data to diagnose issues, but cannot make any changes.
  • Do I need to do anything?
    No. Your organization is set to the default automatically. You only need to take action if you want to change your consent level.
  • Can Pipe17 support still help me if I keep Read-Only?
    Yes. Support can view your configurations and data to diagnose issues. If a fix requires a change in your environment, the support agent will guide you through making the change yourself, or ask you to temporarily upgrade your consent level so they can act on your behalf.
  • How do I let Pipe17 make changes for me?
    You have two options:
    • Change your consent level to Full Access in Settings → Profile, which applies to all support staff.
    • Invite a specific Pipe17 employee through User management with the role and expiry date you choose.
  • How long does support access last?
    All support access through the consent model expires automatically after 5 calendar days. If support needs more time, the agent must start a new session. Individually invited users have access until the expiry date you set when inviting them.
  • Can I remove a Pipe17 support user before 5 calendar days?
    Yes. You can view and remove active support users at any time from User management in the app.
  • What does "Inherit from parent" mean?
    This option is only visible for secondary organizations in a multi-org setup, such as OEM environments. It means the secondary organization uses the same consent level as the primary (parent) organization. Secondary organizations can override this to set their own level.
  • What if I block all access and have an emergency?
    If you block all access, no Pipe17 support staff can enter your environment. For an urgent issue, you will need to change your consent level first. In rare, critical emergencies affecting system stability, a very small number of authorized Pipe17 personnel may access your environment to protect the integrity of the platform, with full logging.
  • Is access to my environment logged?
    Yes. Every time a Pipe17 employee accesses your environment through the consent model, the event is recorded, including who accessed it, what role they received, and when the access occurred and expired.
  • Can I give a Pipe17 employee permanent access?
    You can invite a Pipe17 employee with a far-future expiry date through User management. This effectively provides long-term access. We recommend setting a reasonable expiry and extending it as needed rather than granting indefinite access.
  • Can I create a custom role for Pipe17 staff?
    Yes. When inviting a Pipe17 employee through User management, you can assign any role available in your organization, including custom roles you have created. This gives you granular control over exactly what a specific Pipe17 employee can access.

Need Help?

If you need additional assistance:

  • Use Ask Pippen, our AI agent, located at the top of the platform page.
  • Submit a support request with as much relevant detail as possible. Learn how to submit a request.
  • For urgent issues, email us directly at support@pipe17.com.

We're here to help you succeed with your operations.

Support access consent: internal operations and implementation guide

Articles in this section

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.

Have more questions?
Submit a request
Share it, if you like it.