Skip to main content

Understanding Users, Contacts, and Permission Groups

Learn how Arxus structures access, communication, and roles across its ecosystem and how this model is enforced and managed through the Customer Portal.

Updated this week

Users & Contacts: What’s the difference?

Within Arxus you will interact with services through two main roles: Users and Contacts.
This distinction isn’t just technical, it’s part of how Arxus ensures clarity, accountability, and security across all engagements.

Users

Users are the individuals who actively interact with the Customer Portal and its applications. They have login credentials, are assigned to permission groups, and their access to services depends entirely on those group definitions.

  • Have access to the customer portal and its ecosystem applications.

  • Can perform actions and view data based on their assigned permission group(s).

  • May also be designated as Contacts if they need to receive specific communications or notifications.

🟢 In short: Users operate within the portal, and their access is defined by the permission groups they belong to.

Contacts

Contacts, on the other hand, are essential for communication and coordination within the Arxus operating model.
They may not access the Customer Portal directly, but they are the official points of contact for specific types of communication or approval.

  • Do not necessarily log in to the portal.

  • Receive Arxus notifications and updates relevant to their designated role.

  • May be required to review or approve commercial (CSP) contracts.

🟢 In short: Contacts connect your organization to Arxus through official communication channels.

Contact Roles

Each Contact plays a defined part in how Arxus communicates and operates with your organization.
These roles ensure that the right people receive the right information, at the right time.

Technical Contact

  • Primary liaison for technical and security matters.

  • Manages tenants, IT operations, and service continuity.

  • Receives technical updates, incident reports, and health alerts.

  • Must have Service Desk access and typically holds Global Administrator rights.

  • First point of contact in case of tenant or operational issues.

Commercial Contact

  • Handles business and licensing communications.

  • Approves commercial (CSP) contracts with Arxus and Microsoft.

  • Ensures compliance with licensing terms and agreements.

  • Must have signing authority on behalf of the organization.

💡 Best Practice: Always assign a Commercial Contact with explicit authority to accept legal terms.
If no prior service agreement exists, this contact will receive the Service Agreement for review and signature before tenant provisioning.

Data Protection Officer (DPO)

  • Oversees GDPR compliance and data privacy matters.

  • Acts as the official contact for data breaches or audits.

  • In larger companies, this is usually a compliance officer or DPO; in smaller ones, it may be a senior executive.

  • Missing this role could delay critical compliance notifications.

Watchlist Contact

  • Automatically copied on all Service Desk email communications.

  • Ensures visibility and oversight of incident activity.

  • Can be an individual or a distribution list.

🟢 Use Case: Keep managers or teams informed about ongoing cases without giving them direct ticket responsibilities.

Security Incident Escalation Contact (SecWise Watch users only)

  • Primary contact for high-severity security incidents in SecWise Watch and Care services.

  • Must be a ServiceNow user with IT or security admin responsibilities.

  • Coordinates with SOC teams for response and remediation.

  • If missing or incorrect, critical alerts may be delayed or missed.

To create, manage, or delete Users or Contacts, go to the Users & Permissions section of your Customer Portal.
All role assignments, permissions, and communications are centrally managed and enforced here.

Users & Contacts: When to create each

Create a User if:

  • You want someone to access and manage the Customer Portal, ServiceDesk, or ecosystem applications.

  • You need to grant access through permission groups that define what they can do in each service.

Create a Contact if:

  • You want someone to receive notifications or represent your organization in communication with Arxus.

  • You need to assign an official point of contact for contractual, security, or support matters.

🟢 Note: A single person can be both a User and a Contact if they perform both functions.

What are Permission Groups?

Permission Groups are at the core of how access works in the Arxus ecosystem.
They don’t just define “rights” — they define which services and functionalities a user can access within the portal and across connected applications.

  • Service-Based Access: Each permission group represents a defined set of services or functions within the Arxus ecosystem. A user’s access level is determined entirely by the groups they belong to.

  • Central Enforcement: The Arxus Portal enforces these groups automatically, ensuring that permissions stay consistent and compliant across all services.

  • Customizable Structure: You can create or adapt permission groups to match internal team responsibilities or security models.

  • User Assignment: Assigning a user to one or more groups ensures they have the right visibility and control in relevant parts of the portal.

To create, edit, or assign permission groups, navigate to Users & Permissions in the Customer Portal.

Get Help

If you need more help, contact your Customer Success Manager, reach out to our Service Desk support, or type your question in the chat to our support team. They will be ready to assist you.

Service Desk Support>

Related Articles
Customer Portal
Support Case Overview
Using Engage Chat
Understanding Email Notifications
Did this answer your question?