Overview

Access to Beacon should be limited to the people who need it, at the level of access appropriate to their role. This protects sensitive configuration, API credentials, and assessment data.

Access levels

Beacon has two access levels:

Admin — full access. Can manage deployments, view and edit integration settings (including API keys and Integration IDs), invite and remove users, review all results, and export data. Limit the number of admin users to those who genuinely need configuration access.

Viewer — read-only access. Can view results and dashboard activity but cannot make changes to deployments, settings, or user access. Suitable for credit analysts, risk reviewers, and operational teams who need to see results but not manage the platform.

Inviting users

From the Beacon profile dropdown (top right) → Invite teammates:

1. Enter the user's email address
2. Select their role (Admin or Viewer)
3. Send the invitation

The user will receive an invitation email which must be actioned within 24 hours. If it expires, re-send the invitation from the same menu. Ensure no other Begini links are open in the browser when clicking the verification link — this can cause a token conflict that requires a fresh invitation.

Removing access

Remove access promptly when a user leaves the organisation or no longer requires access. From the user management section in Beacon, locate the user and remove their access. Do not share Beacon accounts between users — each person should have their own login.

Best practices

• Follow the principle of least privilege — grant viewer access by default, admin only where needed
• Review who has access regularly, especially after team changes
• Never share admin credentials between users
• Restrict admin access to the smallest number of people necessary to manage the platform

Next steps

• Using The Beacon Dashboard — operational guide to Beacon
• Security Checklist — full pre-launch security checklist