Set up Heplon

This guide covers the steps an admin takes to set up Heplon: connecting source systems, inviting users, organising groups, and granting access.

What you need

  • A tenant admin account and the tenant's Heplon URL.

1. Connect your source systems

Open Connectors in the sidebar (or navigate to /connectors).

The page lists the tenant's registered connectors. A new tenant shows an empty state.

Select Add connector, then choose a provider.

After entering authentication information, the connector appears in the list and Heplon queues an ingest job immediately.

2. Invite users

Open Users in the sidebar (/users).

The page shows all users who have an account in this tenant, with their group membership and provisioning status. A user appears as active once they have signed in; they appear as pending after you invite them but before they first log in.

Select Invite user to open the invite dialog. Enter the user's email and choose an intended group or role. Submit the form. The user appears in the list with pending status.

3. Create groups and assign members

Groups let you manage access in bulk. On the Users page, use the groups section to:

  • Create a group: enter a display name and confirm. Heplon allocates a stable id for the group.
  • Rename a group: all grants and memberships follow the rename; nothing else changes.
  • Add or remove members: select a group, then add or remove users from it.

Assign users to groups before granting groups access to connectors in the next step.

4. Grant access to connectors

Open Permissions in the sidebar (/permissions).

Select a connector to see its access list: the users and groups that can access it, each with a role. Access inherited through group membership is shown separately from direct grants.

To grant access, pick a user or group, choose a role, and confirm:

  • Owner: full control over the connector, including managing its access.
  • Editor: can read from and write to the connector.
  • Viewer: read-only access.

Group grants cascade to all group members automatically. To check whether a specific user would be allowed a given action, use the access-check feature: select a subject, action, and connector to see whether access is allowed and the path that grants it (direct, via a group, or via tenant-admin inheritance).

To change a role, update the existing grant. To remove access, revoke the grant. All changes persist immediately.

See also