Conpermisso
Access compliance made simple

Access should follow the position, not the person.

Define position-based access once. Conpermisso automatically manages onboarding, role changes, and offboarding so HR, managers, and IT always know who should have access to what.

Start FreeInteractive Demo
conpermisso.com/requests/REQ-2418
REQ-2418Pending IT

Position change · Maria Reyes

Medical Biller Practice Manager

Effective

Mon, Jun 8

Admin Console

Owner · Practice ops

Grant

Reporting & Analytics

Read + Export

Grant

Clearinghouse

Submitter (no longer needed)

Revoke

Practice Mgmt (EHR)

Standard user · unchanged

Unchanged

Built for HR & IT teams in

  • Healthcare
  • MSPs
  • Professional services
  • Financial services
  • Legal & compliance
  • Regulated SMBs

The employee lifecycle

See it work from first day to last day

Every employee transition creates access changes. Conpermisso keeps everyone aligned by generating the right requests, tasks, and approvals automatically.

MR

Maria Reyes

New Hire Medical Biller

Maria joins the organization as a Medical Biller. Conpermisso reads the position blueprint and instantly generates the access requests and onboarding tasks required across HR, management, and IT.

Generated Access

4 actions
  • Practice Management (EHR)Grant
  • Billing PortalGrant
  • Email & SSOGrant
  • ClearinghouseGrant

The platform

Connected. Owned. Auditable.

One source of truth

Positions, applications, employees, and lifecycle requests — all connected, always current.

Clear ownership

HR, managers, and IT each see their own task list, so nothing falls through the cracks.

Complete audit history

Every grant is linked to a person, position, request, and decision — reviewable any time.

Pricing

Simple pricing for every organization

No per-user fees. No seat counting. One predictable price for your entire organization.

Core

Position-based access management made simple.

$5/ organization / mo

Billed monthly

Start Free
  • Unlimited employees
  • Unlimited positions
  • Unlimited applications
  • Onboarding workflows
  • Role change workflows
  • Offboarding workflows
  • 90-day audit history
  • Email support

Operations

Most popular

Built for teams that need visibility, approvals, and accountability.

$12/ organization / mo

Billed monthly

Start Free
  • Everything in Core
  • Unlimited audit retention
  • Multi-step approvals
  • Scheduled access reviews
  • CSV & JSON exports
  • Manager approvals
  • Priority support

Enterprise

For regulated and security-conscious organizations.

Custom
Book a Demo
  • Everything in Operations
  • SSO (SAML)
  • SCIM provisioning support
  • Custom approval workflows
  • Advanced permissions
  • Compliance exports
  • Dedicated onboarding
  • Webhooks & API access
  • SLA-backed support

Prices in USD. Cancel anytime.

0
spreadsheets to maintain
1
source of truth for access
3
personas aligned: HR, managers, IT
100%
auditable, by design

The source of truth for employee access.

Start FreeInteractive Demo

FAQ

Questions, answered

The things HR, IT, and ops leaders ask us most.

  • No. Conpermisso sits above them. We define what access each position should have and produce the right requests, approvals, and tasks — your existing IdP, ticketing system, and provisioning workflows still do the actual granting.

  • Most teams import their positions and applications in an afternoon. Because everything is metadata-driven, you describe the position once and every onboarding, change, and offboarding for that role inherits it automatically.

  • Offboarding is one click. Because every grant was tracked back to a position, Conpermisso revokes the exact set of access that role required — no orphan accounts, no guesswork, full audit trail.

  • Yes. Managers can request additional access beyond the position blueprint. Those requests flow through the same approval and audit pipeline so nothing happens off the books.

  • Conpermisso diffs the old position against the new one and generates only the changes that matter — what to grant, what to revoke, what stays. No more re-onboarding someone who's already in the building.

  • We treat access data as sensitive by default: row-level security, full audit history, least-privilege roles for HR, managers, and IT. Enterprise customers get SSO, SCIM, and compliance exports.