Access & Permissions

Login issues, permission errors, feature restrictions, and API key authentication.

Written By Victor Raessen

Last updated 3 days ago

Access & Permissions

Common issues related to logging in, accessing features, and user permissions.

Who can change access

Only an account Admin can activate, deactivate, or change the role of a user. If you need an access change and your usual admin is unavailable, identify another admin on the account to make the change. If no other admin is available, contact Salesbuildr Support at support@salesbuildr.com.

Access forbidden errors

Error message

Cause

Resolution

"Unfortunately, your company is not enabled for the portal yet"

Company login is restricted. The company type uses an allowList and this company is not on it, or uses a denyList and the company is blocked.

Go to the company in Admin, enable login access. The admin who manages this company type controls login policy.

"Your account has been disabled"

The user's allowLogin flag is set to false.

Go to Admin > Users, find the user, and re-enable their account.

"Your email address hasn't been verified yet"

User registered but hasn't clicked the verification link in their email.

Ask the user to check their inbox (including spam) for the verification email. Re-send from Admin > Users if needed.

"Your company link has not been verified"

The user's company association has not been verified by an admin.

Go to Admin > Users, find the user, and verify their company link.

"You don't have permission to access this resource"

The user's role does not include the required permission for this action.

Check the user's role at Admin > Users. Assign a role with the needed permissions, or use a built-in Admin role.

Feature requires higher plan

Some features are gated by subscription tier. If a user reports a feature they cannot access:

  1. Check Admin > Subscription to see the current plan

  2. Features like advanced approvals, public API, webhooks, and storefront require specific plan tiers or add-ons

  3. Contact your account manager to upgrade if needed

See Subscription for plan details.

Login and SSO issues

  • Google/Microsoft SSO not working — Ensure the SSO domain matches the user's email domain. SSO is configured at Admin > Site. See Site for details.

  • Password reset not received — Check spam folders. Password resets come from Firebase Authentication, not from your Salesbuildr domain.

  • "User has been deleted" — The user's identity has been marked as deleted. A Admin must re-enable the account.

    • Tip: Before offboarding a user, confirm exactly which profile you're deactivating. Deactivating the wrong profile can lock out an active team member.

  • SSO email mismatch

    If a user cannot log in via SSO, the most common cause is a mismatch between the email address stored in Salesbuildr and the email address their SSO identity provider authenticates with (such as Microsoft Entra/Azure AD or Google Workspace).

    To diagnose:

    1. Log in as an admin and navigate to Admin > Users & Access > Users

    2. Find the affected user and check the email address on their profile

    3. Confirm the email address their SSO provider authenticates with (this may differ if they have an alias or if a domain has changed)

    4. If the addresses differ, update the Salesbuildr profile email to match the SSO identity exactly

  • Domain change or email alias

    If your organization has changed its email domain or added a new domain as an alias, users who previously logged in via SSO may find their login broken. The SSO token references the new or primary email, which may not match the stored Salesbuildr profile.

    To resolve:

    1. Have an admin update the affected user's email in Salesbuildr to match the current primary SSO email

    2. Ask the user to attempt login again using the updated email

    3. If the issue persists after the email is corrected, contact Salesbuildr support and provide the email address being used, so support can check whether login attempts are reaching the system

API key authentication

  • "No API key provided" (401) — Ensure the API key is sent in the api-key header (case-sensitive).

  • "API key not valid" (403) — The API key does not match any identity, or the identity's email is not verified.

  • "Public API is not enabled" (403) — The Public API feature must be enabled for your tenant. Contact your account manager.

See Users & Access for full permissions documentation.

See also