Documentation
User guideDeveloper guideAPI ReferenceContact
  1. Administration

Account access

Account access controls which users can view or operate accounts on the platform.

Access is defined by:

  • User roles, which determine what actions a user can perform
  • Account assignment, which determines the accounts a user can access

Access can apply to:

  • Accounts owned by your organisation (local access)
  • Accounts owned by another organisation (delegated access)
📘

How you configure account access differs according to the platform you're using to administrate your accounts, either Vitesse.io or MAS. See below for more information.

Delegated access

Delegated access allows an organisation to grant external partners, such as TPAs or brokers, access to its accounts and platform functionality.

  • The account owner defines which accounts are shared and what actions are permitted.
  • The partner organisation assigns access to its users within those permissions.

This enables cross-organisation workflows while maintaining ownership, visibility and control.

Typical relationships include:

Account ownerExternal partner
CarrierTPA, Broker
TPACarrier, Broker
MGATPA, Broker
Capacity providerMGA, Broker

Account access in Vitesse.io

Vitesse.io provides a structured, self-service model for managing account access.

  • Administrators assign users to accounts directly in the platform
  • Delegated access is managed through Service relationships
  • The platform enforces delegated access automatically

Delegated access in Vitesse.io

Partner accounts are accounts owned by one organisation and made available to another organisation through a Service relationship.

A Service relationship links two entities:

  • Service owner (account owner)
  • Service provider (partner organisation)

The Service owner defines which accounts are included in the Service, and what permissions are granted. The Service provider can then operate those accounts and assign users to them.

This model allows multiple organisations to operate on the same accounts while maintaining clear ownership, access boundaries, and audit controls.

Automatic delegated access management

The platform automatically updates or removes access when the Service configuration changes. This ensures that users can only operate accounts they are authorised to use.

Access is removed for the following reasons:

  • A Service no longer allows delegated access
  • An account is removed from a Service
  • An account is reassigned to a different entity
  • A user is removed from the Service provider entity

Legacy paired accounts

Some accounts use a legacy configuration where multiple accounts are linked and share the same access settings.

When an administrator assigns a user to one account in a paired set, the assignment applies to all linked accounts.

📘

Vitesse is gradually removing these pairings.

Account access in MAS

MAS provides a manual model for managing account access.

  • Users are granted account access through security groups
  • Vitesse configures and updates account access and delegated access, based on support requests

Delegated access in MAS

Delegated access is configured during onboarding.

Account owners define:

  • The accounts they want to create (for example, binders or loss funds)
  • The external partners who require access
  • The level of access required for each partner

Vitesse configures the account structure and applies access based on these requirements.

External partners

External partners are onboarded before access is granted.

📘

Some partners may already exist within the Vitesse platform because of existing relationships. These require minimal onboarding.

Types of access

Access is assigned based on the partner’s role:

  • TPAs – typically have operational access to manage and process payments
  • Brokers – typically have read-only access for visibility and reporting

Access is controlled through roles and account access.

Getting started

After access is configured:

  1. Partner administrators are set up with access to the relevant accounts.
  2. Administrators create and manage their own users.
  3. Users begin operating via the Portal or API, depending on their setup.

Accounts must contain sufficient funding before partners can operate.

Ongoing control

Account owners retain control over delegated access at all times, including:

  • Changing access levels
  • Adding or removing partners
  • Reassigning accounts between partners

Requests to update access are managed in coordination with Vitesse.

Contact

To set up or update delegated access in MAS, contact Support.

Updated 18 days ago

Related information