Organization Policies - Detailed Guide

Organization policies provide sophisticated control over member access to features and settings. Understanding how policies work, their enforcement modes, and how they affect individual settings is essential for effective organization management.

Policy Enforcement Modes

Organizations can choose between two enforcement modes that determine how policies affect member settings.

Strict Enforcement Mode

Strict Mode (enforceStrict: true): Policies are mandatory and cannot be overridden

Characteristics:

• Mandatory: Organization policies override all member settings
• No Override: Members cannot change settings that conflict with policies
• Complete Control: Administrators have full control over all settings
• Compliance: Perfect for highly regulated environments

When to Use:

• Regulatory compliance requirements
• Security-critical environments
• Organizations requiring strict standardization
• Audit and compliance scenarios

Example: If organization policy sets enhancedSearchEnabled: false in strict mode, members cannot enable enhanced search, regardless of their account settings.

Non-Strict Enforcement Mode

Non-Strict Mode (enforceStrict: false): Policies provide defaults that members can modify

Characteristics:

• Defaults: Policies provide default settings
• Member Control: Members can modify settings (with restrictions)
• Flexibility: Balances control with user autonomy
• Less Permissive Rule: Members can only make settings less permissive

When to Use:

• Organizations wanting guidance without strict control
• Teams needing flexibility while maintaining standards
• Gradual policy implementation
• Collaborative environments

The Less Permissive Principle

In non-strict mode, the system follows a "less permissive" rule that determines what changes members can make.

Understanding Permissiveness

Permissive Settings: Settings where true = enabled/allowed and false = disabled/restricted

Examples of Permissive Settings:

• chatEnabled: true = AI Chat enabled (more permissive), false = disabled (less permissive)
• enhancedSearchEnabled: true = enhanced search enabled (more permissive), false = disabled (less permissive)
• ocrEnabled: true = OCR enabled (more permissive), false = disabled (less permissive)

The Rule

Members Can: Change true → false (disable features that organization allows)

Members Cannot: Change false → true (enable features that organization restricts)

Examples

Example 1: Organization Allows, Member Disables

• Organization Policy: enhancedSearchEnabled: true
• Member Setting: Can set to false (disable for their account)
• Result: ✅ Allowed - Member is making it less permissive

Example 2: Organization Restricts, Member Tries to Enable

• Organization Policy: enhancedSearchEnabled: false
• Member Setting: Cannot set to true (enable for their account)
• Result: ❌ Not Allowed - Member cannot make it more permissive

Example 3: Strict Mode

• Organization Policy: enhancedSearchEnabled: true, Strict Mode: true
• Member Setting: Cannot change (locked to organization policy)
• Result: ❌ Not Allowed - Strict mode prevents all changes

Policy Indicators

Visual indicators throughout the application show when organization policies affect settings.

Policy Indicator Icons

Policy Indicator: Small icon next to settings indicates organization policy control

Indicator States:

• Present: Policy affects this setting
• Tooltip: Hover for details about the policy
• Color Coding: Different colors indicate policy type or enforcement level

Understanding Indicators

Organization Controlled: Setting is controlled by organization policy

Organization Default: Setting uses organization default but can be modified (non-strict)

Strict Enforcement: Setting cannot be changed (strict mode)

No Policy: No organization policy affects this setting

How Policies Affect User Settings

Policy Application Flow

When a user views or modifies settings:

1. Load User Setting: System loads user's current setting
2. Check Organization Policy: System checks if organization has a policy for this setting
3. Apply Policy: Policy is applied based on enforcement mode
4. Display Effective Setting: User sees the effective setting (policy-applied value)
5. Show Indicators: Policy indicators show policy influence

Strict Mode Behavior

In strict mode:

• Override: Organization policy value replaces user setting
• Locked: User cannot change the setting
• Visual: Settings show as disabled/locked with policy indicators
• Immediate: Changes take effect immediately for all members

Non-Strict Mode Behavior

In non-strict mode:

• Default: Organization policy provides default value
• Modifiable: User can change setting (if making it less permissive)
• Visual: Settings show policy indicators but remain editable
• Flexible: Members have control within policy constraints

Policy Categories

AI Features Policy

Control AI capabilities across the organization:

Settings:

• clientEnabled: Enable/disable AI Chat (master switch)
• chatEnabled: Enable AI Chat for sites
• summariesEnabled: Enable AI document summaries
• enhancedSearchEnabled: Enable AI enhanced search
• mcpEnabled: Enable External Tool Usage (MCP)
• useCreditsForThirdParty: Allow organization billing for collaborator AI usage
• permittedModels: Specify allowed AI models (empty = all allowed)

Policy Indicators: Appear on AI settings pages showing organization control

Search Policy

Control search capabilities:

Settings:

• fullTextSearchEnabled: Enable full-text search
• ocrEnabled: Enable OCR for PDF documents

Policy Indicators: Appear on search settings pages

Notification Policy (Strict Mode Only)

Control notification settings (only applies in strict enforcement mode):

Settings:

• frequency: Notification frequency (daily, weekly, monthly)
• hours: Notification hours (array of hours 0-23)
• days: Notification days (array of day names)

When Active: Only enforced when enforceStrict: true

Site Policy (Strict Mode Only)

Control site-level settings (only applies in strict enforcement mode):

Settings:

• autoAcceptInvites: Automatically accept site invitations
• enableLocalSync: Enable local synchronization

When Active: Only enforced when enforceStrict: true

Mandatory AI Instructions

Organization-level AI instructions that are automatically included with all member AI interactions.

Characteristics

Mandatory: Applied automatically to all organization members

Cannot Be Disabled: Members cannot disable organization instructions

Combined with Personal: Organization instructions are combined with personal instructions

Limit: Up to 10 mandatory instructions per organization

Policy Indicators

Mandatory instructions are indicated in AI Chat interfaces, showing that organization instructions are active.

Viewing Policies as a Member

Non-admin members can view organization policies:

Policy Summary

Navigate to Settings > Organization > Organization Policies to view:

• Policy Summary: Overview of active policies
• Policy Indicators: Visual indicators showing policy control
• Effective Settings: How policies affect your settings
• Enforcement Mode: Whether strict or non-strict mode is active

Understanding Your Settings

Policy Indicators: Show which settings are controlled by organization

Effective Values: See the actual settings that apply (after policy application)

Change Limitations: Understand what you can and cannot change

Policy Update Process

Updating Policies

Organization administrators update policies:

1. Navigate to Settings > Organization > Organization Policies
2. Modify policy settings
3. Click Save Policy
4. Changes take effect immediately

Impact of Policy Updates

Immediate Effect: Policy changes apply to all members immediately

Member Impact: Members may see settings change automatically

Notification: Consider notifying members of significant policy changes

Last Updated: Policy update timestamp is tracked for audit purposes

Policy Inheritance and Precedence

Hierarchy

Settings are determined by this hierarchy (highest to lowest):

1. Organization Policy (Strict Mode): Overrides everything
2. Organization Policy (Non-Strict Mode): Provides defaults with restrictions
3. User Account Settings: User's personal preferences
4. Site Settings: Site-specific overrides (subject to account and organization policies)

Precedence Rules

Strict Mode: Organization policy always wins

Non-Strict Mode:

• Organization provides default
• User can make less permissive changes
• Site settings can further restrict (but not enable if disabled higher up)

Best Practices

Policy Planning

Start Non-Strict: Begin with non-strict mode to allow flexibility while establishing defaults

Gradual Strict: Move to strict mode after policies are tested and refined

Document Policies: Document why policies are set and what they achieve

Communication

Inform Members: Communicate policy changes to members

Explain Rationale: Help members understand why policies exist

Provide Guidance: Offer guidance on working within policy constraints

Regular Review

Review Policies: Periodically review policies for relevance

Update as Needed: Update policies as organizational needs change

Monitor Compliance: Monitor how policies affect member workflows

Related Documentation

• Organization Settings - General organization management
• Organization Members - Member management
• AI Instructions - Understanding AI instructions