Skip to main content

Epsilon3 Connect

Learn how to use Epsilon3 Connect to securely share files, folders, procedures, and runs across organizations while managing paid seats and external collaboration.

Epsilon3 Connect

Epsilon3 Connect extends collaboration beyond the boundaries of a single organization, making it possible to securely work with customers, suppliers, regulators, partner organizations, and other external stakeholders without leaving Epsilon3.

Traditionally, collaboration across organizational boundaries has required exporting PDFs, emailing documentation, managing duplicate copies of procedures, or relying on disconnected spreadsheets and file sharing services. These workflows often create version control challenges, fragmented communication, and uncertainty about which document represents the current operational record.

Epsilon3 Connect eliminates those barriers by allowing organizations to securely share live operational content. Instead of distributing copies, recipients access the same information directly in Epsilon3 with permissions that are explicitly granted and fully controlled by the organization sharing the content.

In addition to cross-organization sharing, Epsilon3 Connect introduces organization-level paid seat management. Organization Admins can now explicitly determine which users occupy paid seats while allowing users to collaborate across multiple Epsilon3 organizations without requiring duplicate licenses.


How Epsilon3 Connect works

Epsilon3 Connect is built around governed collaboration.

Epsilon3 Connect is built around governed collaboration.

Users can securely share supported content with people inside or outside their organization without adding those users to a project or granting them broader workspace visibility.

Access is granted only to the specific items that have been shared and does not provide visibility into any other workspace content.

Recipients authenticate using an Epsilon3 account, but they do not automatically become members of your workspace. Instead, shared items appear on their Shared with me page where they can view the content in a read-only experience.

If deeper collaboration is required, such as editing procedures or actively participating in run execution, recipients must be invited into the workspace and assigned the appropriate roles and permissions.


What can be shared?

Epsilon3 Connect currently supports sharing several types of operational content.

Organizations can share individual files stored in File Storage, entire folders, procedures, and runs. Each item is shared independently, allowing users to provide access only to the information required for a particular collaboration.

As additional capabilities are introduced, support for more content types may become available.


Paid seats and role permissions

One of the biggest changes introduced by Epsilon3 Connect is the separation of licensing from permissions.

Prior to this capability, assigning a role and assigning licensed access were closely tied together. With Epsilon3 Connect, those concepts are managed independently.

Users may still be assigned Workspace Roles and Project Roles regardless of whether they currently occupy a paid seat. This allows administrators to configure permissions ahead of time without immediately consuming one of the organization's available licenses.

Assigned roles alone do not grant access to protected functionality.

If a user does not currently have access to a paid seat, the permissions associated with their assigned roles remain inactive. For example, a user may have the Workspace Admin role assigned but will not be able to perform administrative functions until they have access to a paid seat.

Once a paid seat becomes available—or Epsilon3 detects that the user already has a paid seat through another Epsilon3 organization—the permissions associated with those roles become active automatically. No additional role configuration is required.

This separation allows organizations to prepare user access in advance while maintaining complete control over how paid licenses are allocated.

Shared paid seats across organizations

Paid seats are no longer limited to a single organization.

If a user already has a paid seat through one Epsilon3 organization, that paid seat follows the user when collaborating with another organization using Epsilon3 Connect.

For example, a supplier, customer, or partner organization may invite an existing Epsilon3 user into their workspace. If that user already occupies a paid seat through their own organization, the receiving organization does not need to assign another paid seat simply to allow collaboration.

Each organization still independently manages the user's assigned roles and permissions within their own workspace, but duplicate paid licensing is no longer required.

This makes cross-organization collaboration significantly easier while reducing unnecessary license consumption.


Real-time collaboration and paid seats

Epsilon3 Connect introduces two complementary capabilities that work together.

The first is entity sharing, which provides read-only access to individual procedures, runs, files, and folders through the Shared with me page.

The second is cross-organization licensing. If a user already has a paid seat through another Epsilon3 organization, that paid seat can be recognized when they are invited into your workspace. This allows organizations to collaborate inside the same workspace without requiring duplicate paid licenses.

Once invited into the workspace and assigned the appropriate roles, those users work directly within the standard Epsilon3 interface and can fully participate in procedures and run execution according to their assigned permissions.

Organization Admins manage paid seats from the Organization Users page.

Open Organization Settings and select Users.

The Organization Users page provides an overview of your organization's licensing, including the number of purchased seats, seats currently assigned, and remaining available seats.

Each user also displays whether they currently occupy a paid seat.

To assign a paid seat, select one or more users from the table and choose Assign Seats.

If a user no longer requires licensed access, select the user and choose Remove Seats. Their assigned workspace and project roles remain intact, but the permissions associated with those roles become inactive unless the user already has a paid seat through another organization.

Because paid seats are evaluated across organizations, you may also see users whose licensed access originates from another Epsilon3 organization. These users continue to receive the permissions granted by their assigned roles without consuming one of your organization's available seats.

Verifying a user's access

If a user appears to be missing permissions that should be provided by one of their assigned roles, the first step is verifying their paid seat status.

Navigate to Workspace Settings and select Users, then open the desired user.

If the user has assigned roles but does not currently have access to a paid seat, Epsilon3 displays a notification indicating that their permissions are inactive because they do not have a paid seat.

Once a paid seat is assigned—or once Epsilon3 recognizes the user's existing paid seat from another organization—the notification disappears automatically and the permissions associated with the user's assigned roles immediately become active.

This provides administrators with a simple way to distinguish between permission configuration issues and licensing availability.


Configuring sharing permissions

Sharing capabilities are controlled through workspace role permissions.

To configure sharing, navigate to Workspace Settings and open Roles. Edit the role that should be allowed to share content.

Two permissions determine how users can collaborate using Epsilon3 Connect:
- Share Internally
- Share Externally

The Share Internally permission allows users to share supported content with other users inside the same workspace.

The Share Externally permission allows users to share supported content outside the workspace, including users from other Epsilon3 organizations or users who have never used Epsilon3 before.

Users must have the appropriate sharing permission before the Share option becomes available throughout the application.

Organizations should review these permissions carefully and grant external sharing only to roles that require collaboration outside the organization.

Sharing content

The sharing workflow is consistent across all supported content types.

Whenever a supported item is opened, users with the appropriate permissions can choose Share from the available actions.

The sharing dialog allows one or more recipients to be entered by searching for existing Epsilon3 users (Internal) or by entering an email address directly (external.)

Recipients may include users within the current workspace, users from other Epsilon3 workspaces, users from different organizations, or individuals who have never created an Epsilon3 account.

Once the share is confirmed, recipients immediately receive access to the shared content according to the permissions granted by the sender.

Sharing a folder

Share in app or send an access link.

Folders can be shared directly from File Storage, making it easy to provide access to collections of related files.

Navigate to File Storage and locate the folder you would like to share. Open the folder's action menu and select Share.

Enter the email address of the recipient or search for an existing Epsilon3 user. Multiple recipients can be added before confirming the share.

After the share is created, recipients receive an email notification and can access the folder from their Shared with me page.

Sharing a folder allows collaborators to access its contents without granting broader visibility into the rest of your File Storage hierarchy.

Sharing a procedure

In a procedure, use the 3 dor menu to share.

Type the email address directly to share externally.

Rather than receiving an exported document, recipients gain access to the live procedure inside Epsilon3. This ensures everyone involved in the collaboration is viewing the same operational record rather than separate document revisions.

Recipients access the procedure through the Shared with me page after signing in to Epsilon3.

Note: Shared procedures are currently view-only. Recipients can review the latest version of the procedure but cannot edit or create drafts through Epsilon3 Connect sharing alone. To edit a procedure, the user must be invited into the workspace and assigned the appropriate permissions.

Sharing internally

Although Epsilon3 Connect supports external collaboration, it can also be useful within your own organization.

For example, a user may have access to only a subset of projects within a workspace. Rather than expanding that user's project permissions, you can share a specific procedure, run, or file directly with them.

The shared item appears in the recipient's Shared with me page without granting access to the rest of the project or workspace.

This provides a simple way to grant read-only access to individual operational records while maintaining your existing project permission structure.


Sharing a Run

Runs can also be shared with internal or external users.

Open the desired run, select Share, choose the recipients, and confirm the invitation.

Recipients can immediately view the live run from their Shared with me page.

Because the recipient is viewing the live run rather than an exported document, they always see the current execution state as it changes.

Note: Shared runs are currently read-only. Recipients cannot complete steps, perform signoffs, or otherwise participate in run execution through Epsilon3 Connect sharing alone. Active run collaboration requires the user to be a member of the workspace with the appropriate assigned roles and permissions.

Run Sharing Demo


Managing and Revoking Shares

Users maintain control over every share they create.

To review active shares, open the sharing dialog for the item. The sharing window displays the current recipients who have access to that content.

If access is no longer required, select Revoke next to the appropriate recipient.

Revoking access immediately removes the shared item from the recipient's Shared with me page, preventing any further access to that content.

Because sharing is managed independently for each item, access can be adjusted throughout the lifecycle of a collaboration without affecting other shared assets.


Recipient experience

When content is shared with an existing Epsilon3 user, that user receives an email notification informing them that content has been shared.

Selecting the link in the email opens Epsilon3, where the shared content is available from the Shared with me page.

If the recipient does not already have an Epsilon3 account, the invitation guides them through creating one before accessing the shared content.

Creating an account does not make the recipient a member of the sender's workspace or organization. Instead, the account serves only to authenticate the recipient and provide access to the items that have been explicitly shared with them.

The Shared with me page organizes all received shares in one location, making it easy to locate procedures, folders, runs, and other shared content without navigating the sender's workspace.


External File Sharing

Organization Settings also include an External File Sharing configuration for File Storage.

When enabled, users with the appropriate role permissions can share supported File Storage content externally.

When disabled, external file sharing is unavailable regardless of the user's assigned role permissions.

This setting provides organizations with an additional layer of administrative control over how external collaboration is managed.

Governance and Auditability

Epsilon3 Connect extends Epsilon3's existing governance model beyond the boundaries of a single organization.

Rather than distributing disconnected copies of operational data, collaborators work from the same live operational record while access remains governed by Epsilon3's permission model.

Organizations maintain complete control over who receives access, what information is shared, and when that access should end. This allows external collaboration to occur without sacrificing operational oversight or requiring separate document management processes.

Best practices

When implementing Epsilon3 Connect, begin by carefully defining which workspace roles should have permission to share content internally and externally.

Not every role requires the ability to collaborate outside the organization, so limiting these permissions helps ensure sharing remains intentional and appropriately governed.

Manage paid seats independently from role assignments. Assign roles based on the responsibilities a user should have, then allocate paid seats only to users who require active access.

Because paid seats are recognized across organizations, avoid assigning duplicate seats to users who are already licensed elsewhere.

Finally, periodically review active shares and remove access once a collaboration has concluded. Keeping external access current helps ensure collaborators retain access only to the operational content they continue to need while maintaining the security and governance of your workspace.

Did this answer your question?