Skip to main content

Registration and Onboarding Workflow

This document outlines how new entities and users are registered and onboarded within the RiskFlow platform. The workflow differs slightly depending on the entity type — MSP or Organization — and whether the user is self-registering or being invited.

MSP Registration

1. Self-Registration (First MSP User)

  • A new MSP begins by registering through the platform’s registration page.
  • Once submitted, the user and their MSP entity are placed in a stored (pending) state.
  • The RiskFlow Owner is notified and must approve or reject the MSP.
  • Upon approval:
    • The registering user becomes the MSP Super Admin.
    • The MSP is now active and can begin managing organizations and users.

Only the Owner can approve the first user of any new MSP.

2. Additional MSP Users

  • Once the MSP is approved and active, other users can register under that MSP.
  • These subsequent users are also stored in a pending state.
  • Their approval is handled by the MSP Super Admin of their respective MSP.

A user cannot join an MSP directly unless the MSP is already approved.

Organization Registration

1. Self-Registration (Independent Organization)

  • An organization can self-register via the platform’s registration page.
  • Once submitted:
    • The organization and its first user are placed in a stored state.
    • The Owner must approve or reject the organization.
  • Upon approval:
    • The organization is created under RiskFlow management.
    • The first user becomes the Org Admin.

2. Organization Invited by MSP

  • Alternatively, an MSP Super Admin may invite the first user of an organization.
  • Upon acceptance:
    • The organization is created under that MSP.
    • The invited user becomes the Org Admin.
    • The organization is immediately linked to the inviting MSP.

3. Additional Organization Users

  • Organization Admins may invite or approve additional team members.
  • These users can have various roles such as Org Auditor, Employee, or Security Analyst.
  • All approvals are handled within the organization, by the Org Admin.

Owner Privileges

The RiskFlow Owner has global administrative powers to manage onboarding:

  • Accept or reject the first user of any MSP or Organization.
  • Invite MSPs or Organizations directly.
  • Assign unlinked organizations to an existing MSP.
  • Oversee all stored (pending) registrations in the system.

Summary of Approval Hierarchy

EntityFirst User ApprovalSubsequent User Approval
MSPOwnerMSP Super Admin
OrganizationOwner or Inviting MSPOrg Admin