Skip to main content
Export control is a feature that lets you mark individual parts, procedures, and runs as export-controlled. When one of these is flagged, users without the correct access group see no technical data for that item. The restriction is enforced at the API level: parts, procedures, and runs are filtered from query results, and unauthorized users cannot set or change the export-control status of those records. Part inventories are not filtered, but updates to an inventory tied to an export-controlled object are blocked for unauthorized users. Export control relies on identity-provider groups passed via SSO, and works with any identity provider; Microsoft Azure SAML is the documented and supported path. There’s no self-serve toggle in the app. To enable export control for your environment, contact support.

How it works

Access is controlled through identity-provider groups. Users who belong to a group named Employee Export UnRestricted or Export UnRestricted can view export-controlled data. Everyone else sees no data for those items. The group membership is passed to ION via your SAML connection. ION does not manage group membership directly.

Set up your SAML connection for export control

  1. In your SAML connection, enable the Get user group attribute so ION receives group membership on each login. With Azure SAML, this passes Azure Active Directory groups.
  2. In your identity provider, add users to a group named exactly Employee Export UnRestricted or Export UnRestricted.