Not every customer signs in just for themselves. An organisation can oversee many customers, and several people or systems can act on its behalf, each with a role that controls what they can do.

The pieces

TermWhat it is
GuardianAn organisation that oversees a group of customers. For example, a business managing its users, or a partner that manages accounts for others.
CustomerAn end customer that belongs to a guardian.
UserA person who signs in and acts within a guardian.
Software userA machine or API identity for server-to-server access within a guardian.
RoleAssigned to each user and software user (for example, admin or editor). It controls what they can do.

How they fit together

A user can belong to more than one guardian, and a guardian can have many customers, users, and software users.
This page explains the model. You manage these relationships — attaching customers, inviting users, granting roles and per-resource access — through the operator-facing access-management endpoints, documented in the Management API (see its Access management section and API Reference). If you’re building a multi-user or guardian setup and want a walkthrough, get in touch with the team.