AIM
Architectural Insight for Modernization
Teams, Roles & Access
AIM is built for teams. Every organization gets a structured access model with six roles spanning technical, procurement, and oversight functions — with guest collaboration for external stakeholders and a full audit trail for owners and admins.
1How Organizations Work
Every AIM account belongs to an Organization. An org is the shared workspace where your team creates assessments, manages projects, and generates reports. Think of it as your agency's or company's dedicated instance of AIM.
Your subscription plan (Pilot, Org–Small, Org–Medium, or Org–Large) is attached to the organization, not to individual user accounts. Your team shares a pool of:
- ›Seats — Licensed named users who can log in and work within your org
- ›Assessments — The total number of projects your org can create (Unlimited on Org-Large)
- ›Snapshot Credits — Credits consumed by AI-powered report generation
You can view your org's live usage at any time from Dashboard → Team & Usage.
2Seats vs. Guest Collaborators
Org Seat Holders
Named users invited into your organization. They log in with their own AIM account, persist across all assessments, and hold an org-level role (Owner, Admin, Engineer, Program Analyst, Reviewer, or Viewer).
- ✓ Full AIM account login
- ✓ Access to all org assessments (per role)
- ✓ Count against your seat quota
- ✓ Appear in org team management
Assessment Guest Collaborators
External stakeholders (vendors, contractors, clients) invited to a single specific assessment via email. They authenticate with a one-time code and do not hold an org seat.
- ✓ Email OTP login — no AIM account required
- ✓ Scoped to one assessment only
- ✓ Do not consume org seats
- ✓ Access tracked in the assessment audit log
- ✗ Cannot create or manage anything
Only Owners and Admins can invite guest collaborators. Guest limits are set by your plan — see Plans & Pricing.
3Organization Roles
Full control. Assigned automatically to the account that created the organization.
Federal: CIO / PEO · Healthcare: CIO / CMO · Education: CIO / Superintendent · Enterprise: CTO
Can Do
- ✓Create, edit, archive, and permanently delete assessments
- ✓Invite, manage, and remove all org members
- ✓Manage billing, upgrade plan, and purchase capacity packs
- ✓View org-wide activity and audit logs
- ✓Invite and revoke assessment guest collaborators
- ✓Generate and export all document types
- ✓Use Document Translator — initiate, edit, and finalize
- ✓Configure org settings
Operational co-owner. Trusted team leads who manage day-to-day operations without billing access.
Federal: Deputy CIO / IT Director · Healthcare: IT Director · Education: Deputy Superintendent · Enterprise: Engineering Director
Can Do
- ✓Create, edit, and archive assessments
- ✓Invite and manage org members (cannot remove Owner)
- ✓View org-wide activity and audit logs
- ✓Invite and revoke assessment guest collaborators
- ✓Generate and export all document types
- ✓Use Document Translator — initiate, edit, and finalize
Cannot Do
- ✗Manage billing or change subscription plan
- ✗Delete the organization
Technical AIM operator. Runs assessments, operates all analysis engines, and generates all document types including technical and procurement outputs.
Federal: Systems Engineer / IT Architect · Healthcare: Clinical Systems Engineer · Education: Infrastructure Lead · Enterprise: Solutions Architect
Can Do
- ✓Create new assessments and manage system inventory
- ✓Run all analysis engines (RAO scoring, constraint normalization, risk calculation, architecture diagrams)
- ✓Generate all report types: Modernization Report, White Paper, RFP, IGCE, Market Research, Acquisition Strategy
- ✓Use Document Translator — initiate, fill fields, and finalize translated documents
- ✓View org members list
Cannot Do
- ✗Invite or remove org members
- ✗Invite assessment guest collaborators
- ✗Approve or flag documents in the review queue
- ✗View activity logs or audit trails
- ✗Manage billing
Procurement and acquisition operator. Generates procurement documents and uses the Document Translator to fill agency-specific templates. Cannot create assessments or run technical engines.
Federal: Program Manager / COR · State/Local: Procurement Officer · Healthcare: IT Project Manager · Education: Purchasing Coordinator · Enterprise: Business Analyst
Can Do
- ✓Generate procurement documents: RFP, IGCE, Market Research Report, Acquisition Strategy
- ✓Use Document Translator — upload agency templates, fill fields, edit and finalize translated documents
- ✓View all assessments and their outputs
- ✓Export previously generated PDFs and documents
Cannot Do
- ✗Create or edit assessments
- ✗Run technical analysis engines (RAO scoring, constraint normalization, architecture diagrams)
- ✗Generate technical reports (Modernization Report, White Paper)
- ✗Invite or remove org members
- ✗Invite assessment guest collaborators
- ✗Approve or flag documents in the review queue
- ✗View activity logs or manage billing
Document approver and milestone attester. Reviews, approves, or flags AIM-generated documents and attests Pulse milestone completions. Cannot generate or modify anything.
Federal: Legal Counsel / Independent Reviewer · Healthcare: Compliance Officer · Education: Academic Affairs · Enterprise: QA Lead / Change Advisory Board
Can Do
- ✓View all assessments and their outputs
- ✓Access the org-wide document review queue
- ✓Approve or flag generated reports, procurement docs, and translated documents
- ✓Attest Pulse milestone completions
- ✓Export previously generated PDFs
Cannot Do
- ✗Create or edit assessments
- ✗Run analysis engines or generate any documents
- ✗Use the Document Translator
- ✗Invite or remove org members
- ✗Invite assessment guest collaborators
- ✗View activity logs or manage billing
Read-only stakeholder. Views assessments, reports, and the Pulse dashboard. Cannot generate, modify, or approve anything.
Federal: Congressional Liaison / Oversight Staff · Healthcare: Department Director · Education: Faculty Lead / Board Member · Enterprise: Product Manager
Can Do
- ✓View all assessments and their results
- ✓Read existing reports and recommendations
- ✓Monitor the Pulse implementation dashboard
- ✓Export previously generated PDFs
Cannot Do
- ✗Create or edit assessments
- ✗Run analysis engines
- ✗Generate new documents or use the Translator
- ✗Approve or flag documents
- ✗Invite collaborators of any kind
- ✗View activity logs
4Permissions at a Glance
| Action | Owner | Admin | Engineer | Prog. Analyst | Reviewer | Viewer |
|---|---|---|---|---|---|---|
| Create & edit assessments | ||||||
| Manage system inventory | ||||||
| Run technical analysis engines | ||||||
| Generate technical reports | ||||||
| Generate procurement documents | ||||||
| Use Document Translator | ||||||
| Finalize translated documents | ||||||
| Review & approve documents | ||||||
| Attest Pulse milestones | ||||||
| Export PDFs (existing documents) | ||||||
| Invite org members | ||||||
| Remove org members | ||||||
| Invite guest collaborators | ||||||
| View activity & audit logs | ||||||
| Manage billing & plan | ||||||
| Delete organization |
5Activity & Audit Logs
Org-Wide Activity Log
Available to Owners and Admins on all plans at Dashboard → Team → Activity Log. Shows a timeline of all org-level events:
- › User invitations sent and accepted
- › Assessments created
- › Guest collaborator invite and access events
Assessment-Level Access Log
Inside any assessment, Owners and Admins can open the Collaborators panel and switch to the Access Log tab to see:
- › Who was invited (guest email, role)
- › Email verification events (pass/fail)
- › Session start timestamps and IP addresses
- › Access revocations
6Team Limits by Plan
| Feature | Pilot | Org – Small | Org – Medium | Org – Large |
|---|---|---|---|---|
| Seats (named users) | 1 | 5 | 15 | 50 |
| Assessments | 3 | 15 | 50 | Unlimited |
| Guest collaborators / assessment | 0 | 3 | 5 | 10 |
| Activity & audit logs | Owner/Admin | Owner/Admin | Owner/Admin | Owner/Admin |
| Assessment access log | Owner/Admin | Owner/Admin | Owner/Admin | Owner/Admin |
| MFA for guest OTP | — | Yes | Yes | Yes |
Need more seats or assessments? View Plans & Pricing or contact us for a custom Enterprise quote.
7Common Questions
Can a Viewer generate a report?
No. Viewers can read existing reports and export previously generated PDFs, but they cannot trigger new report generation, run analysis engines, or modify any assessment data.
Can an Engineer or Program Analyst invite a guest collaborator to their assessment?
No. Only Owners and Admins can invite or revoke guest collaborators. Engineers and Program Analysts can create and work assessments, but external access management requires an elevated role.
Can someone be a Viewer in the org but a collaborator on a specific assessment?
Yes. Org roles and assessment guest collaborators are separate concepts. An org Viewer has read-only access to all assessments as a seat holder. A guest collaborator has email-OTP access to a single assessment but does not hold a seat. The same person could technically be both.
How does guest collaborator authentication work?
When an Owner or Admin invites a guest, AIM sends a secure invite link to the email provided. When the guest opens the link, they receive a one-time passcode (OTP) to verify their identity. Sessions are time-limited and revocable at any time. All access events are logged in the assessment audit trail.
What happens when a guest invite expires?
Pending guest invites expire automatically after the configured window (default 7 days). The daily cleanup job marks expired invites and logs an expiry event in the audit trail. Guests with expired invites must be re-invited to regain access.
Who can change a member's role?
Owners can change any member role including other Admins. Admins can change the role of Engineers, Program Analysts, Reviewers, and Viewers but cannot modify the Owner role.
Ready to set up your team?