port-labs · hadar-co · Nov 12, 2025 · Sep 17, 2025 · Sep 17, 2025 · Sep 17, 2025
diff --git a/docs/security.md b/docs/security.md
@@ -75,6 +75,16 @@ Every Port account receives its own dedicated database for data storage, access
 
 Customer data is never transferred or stored on employee machines or devices.
 
+### Support user access
+
+Port's support team may require access to your organization to provide technical assistance. This access is controlled through support user permissions and includes several security measures:
+
+- Support user actions are not logged in your audit log.
+- You can set the access duration or disable support access completely.
+- Emergency access requires dual approval (organization + Port).
+
+For more information, see the [support user permissions](/sso-rbac/users-and-teams/manage-users-teams#support-user-permissions).
+
 ### Data retention
 
 Data ingested into Port by its users is managed by them, and if not deleted by the user, will be retained indefinitely.

diff --git a/docs/sso-rbac/rbac-overview/rbac-overview.md b/docs/sso-rbac/rbac-overview/rbac-overview.md
@@ -134,6 +134,12 @@ In addition to the permissions designated for each role, permissions are also in
 
 For more details about Port roles, see the [relevant documentation](/sso-rbac/users-and-teams/manage-users-teams#roles--permissions).
 
+### Support user access
+
+Port's support team may need access to your organization to provide technical assistance. Organizations can control this access through support user permissions, including the ability to set access duration and disable access completely.
+
+For more information, see the [support user permissions](/sso-rbac/users-and-teams/manage-users-teams#support-user-permissions).
+
 ### Blueprint permissions
 
 Blueprint permissions allow a granular configuration of the various roles: admin, member or blueprint collaborator. 

diff --git a/docs/sso-rbac/users-and-teams/manage-users-teams.md b/docs/sso-rbac/users-and-teams/manage-users-teams.md
@@ -52,6 +52,29 @@ These roles can be used to define specific permissions for assets in your softwa
 For example, you can define that all `Members` can create new entities from a specific blueprint, while only `Moderators` can edit them.  
 For more information and examples, see the [catalog RBAC](/build-your-software-catalog/set-catalog-rbac/) section.
 
+## Support user permissions
+
+Port's support team may need access to your organization to provide technical assistance. You can control this access through support user permissions.
+
+### Access duration
+
+Port support user access is enabled by default, you can choose to provide different access to your organization: **1 week**, **1 month**, **1 year**, **Permanent access (default)**.
+
+### Support user capabilities
+
+Support users can be created with the following restrictions:
+
+- **Read-only access** - Support users can be created as `read-only` users.
+- **Admin/edit access** - Support users can be created as `admin` users, their actions will appear in your organization's audit log. This requires both Port manager approval and customer approval via the support user permission process.
+
+:::info Emergency access
+
+In critical situations, Port can request emergency access to your organization even if support user permissions are disabled. This requires:
+
+1. **Organization approval** - the organization admin must approve the emergency access request.
+2. **Port approval** - Internal Port approval process.
+:::
+
 ## Ownership & user management
 
 After creating a Port account, two <PortTooltip id="blueprint">blueprints</PortTooltip> will be automatically created in your [data model](https://app.getport.io/settings/data-model) - `User` and `Team`.