> ## Documentation Index
> Fetch the complete documentation index at: https://docs.firstresonance.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Configure export control

> Restrict access to sensitive parts and procedures so only authorized users can view their technical data.

Export control is a feature that lets you mark individual parts, procedures, and runs as export-controlled. When one of these is flagged, users without the correct access group see no technical data for that item. The restriction is enforced at the API level: parts, procedures, and runs are filtered from query results, and unauthorized users cannot set or change the export-control status of those records. Part inventories are not filtered, but updates to an inventory tied to an export-controlled object are blocked for unauthorized users.

Export control relies on identity-provider groups passed via SSO, and works with any identity provider; Microsoft Azure SAML is the documented and supported path. There's no self-serve toggle in the app. To enable export control for your environment, contact [support](https://support.firstresonance.io/).

## How it works

Access is controlled through identity-provider groups. Users who belong to a group named **Employee Export UnRestricted** or **Export UnRestricted** can view export-controlled data. Everyone else sees no data for those items.

The group membership is passed to ION via your SAML connection. ION does not manage group membership directly.

## Set up your SAML connection for export control

1. In your SAML connection, enable the **Get user group** attribute so ION receives group membership on each login. With Azure SAML, this passes Azure Active Directory groups.
2. In your identity provider, add users to a group named exactly **Employee Export UnRestricted** or **Export UnRestricted**.

## Related

* [Set up SSO](/administration/authentication-settings/set-up-sso)
