Access & Permissions

Login issues, permission errors, feature restrictions, and API key authentication.

Written By Victor Raessen

Last updated 2 days ago

Access & Permissions

Common issues related to logging in, accessing features, and user permissions.

Access forbidden errors

Error message

Cause

Resolution

"Unfortunately, your company is not enabled for the portal yet"

Company login is restricted. The company type uses an allowList and this company is not on it, or uses a denyList and the company is blocked.

Go to the company in Admin, enable login access. The admin who manages this company type controls login policy.

"Your account has been disabled"

The user's allowLogin flag is set to false.

Go to Admin > Users, find the user, and re-enable their account.

"Your email address hasn't been verified yet"

User registered but hasn't clicked the verification link in their email.

Ask the user to check their inbox (including spam) for the verification email. Re-send from Admin > Users if needed.

"Your company link has not been verified"

The user's company association has not been verified by an admin.

Go to Admin > Users, find the user, and verify their company link.

"You don't have permission to access this resource"

The user's role does not include the required permission for this action.

Check the user's role at Admin > Users. Assign a role with the needed permissions, or use a built-in Admin role.

Feature requires higher plan

Some features are gated by subscription tier. If a user reports a feature they cannot access:

  1. Check Admin > Subscription to see the current plan

  2. Features like advanced approvals, public API, webhooks, and storefront require specific plan tiers or add-ons

  3. Contact your account manager to upgrade if needed

See Subscription for plan details.

Login and SSO issues

  • Google/Microsoft SSO not working — Ensure the SSO domain matches the user's email domain. SSO is configured at Admin > Site. See Site for details.

  • Password reset not received — Check spam folders. Password resets come from Firebase Authentication, not from your Salesbuildr domain.

  • "User has been deleted" — The user's identity has been marked as deleted. A Admin must re-enable the account.

API key authentication

  • "No API key provided" (401) — Ensure the API key is sent in the api-key header (case-sensitive).

  • "API key not valid" (403) — The API key does not match any identity, or the identity's email is not verified.

  • "Public API is not enabled" (403) — The Public API feature must be enabled for your tenant. Contact your account manager.

See Users & Access for full permissions documentation.

See also