Business & Enterprise Plan Overview
The Business plan unlocks the full enterprise feature set โ team management, participant whitelisting, SSO, IP allowlist, audit logs, and organisation branding. This guide walks through setting up each feature step by step.
| Feature | Where to find it | Plan |
|---|---|---|
| Team Members โ add hosts who share your plan | Account โ Team Access | Starter+ |
| Organisation Branding โ logo, colour, name | Account โ Org Branding | Starter+ |
| Org Analytics โ team-wide session data | Account โ Org Analytics | Starter+ |
| Participant Whitelist โ restrict who can join | Account โ Whitelist | Starter+ |
| SSO / SAML โ company login via Okta, Azure AD, Google | Account โ SSO / SAML | Business |
| IP Allowlist โ restrict host login by IP range | Account โ SSO / SAML โ IP Allowlist | Business |
| Audit Log โ immutable record of all org actions | Account โ Audit Log | Business |
| DPA โ countersigned Data Processing Agreement | dpa.html | All paid |
| Data export & deletion (GDPR Art. 17 & 20) | Account โ Data & Storage | All plans |
Account Setup & Upgrade
After upgrading to Business, an Organisation is automatically created on your account and all enterprise tabs appear in your account sidebar immediately.
Team Management
Team members are additional hosts who share your organisation's plan limits. On Business, every team member can run sessions with up to 500 participants. The organisation owner manages billing โ team members cannot modify the plan.
Roles & permissions
| Action | Owner | Member (default) | With permission |
|---|---|---|---|
| Host sessions | โ | โ | โ |
| Export own session results | โ | โ | โ |
| View Org Analytics | โ | โ | โ |
| Manage Org Branding | โ | โ | โ |
| Manage Whitelist | โ | Session-only adds | โ |
| View Audit Log | โ | โ | โ |
| Configure SSO | โ | โ | View-only |
| Invite / remove members | โ | โ | โ |
| Change plan / billing | โ | โ | โ |
Removing a team member
Account โ Team Access โ find the member โ click Remove. Their EngageLive account stays active but they lose org plan benefits. Their previously hosted sessions stay in their own history.
Organisation Branding
Set your logo, brand colour, and company name once โ applied automatically to every session hosted by you and all team members. Participants see your branding on the join screen throughout the session.
#1d4ed8. Applied to buttons, progress bars, and highlights.Participant Whitelist
Restrict who can join any session hosted by your organisation. When enforcement is ON, participants must enter their email โ checked against your approved list before they can join, even with the correct session code.
CSV / Excel bulk import
email. One email per row. Download the sample template from the upload section..csv, .xlsx, .xls. Up to 10,000 rows. Email column is auto-detected.Adding participants mid-session
During a live session, hosts see a ๐ Whitelist Participants button in the session sidebar. Click it to add an email on the spot:
SSO / SAML Setup
Let your employees log into EngageLive using your company's Identity Provider (Okta, Azure AD, Google Workspace, ADFS, or any SAML 2.0 / OIDC provider) โ no separate password needed.
- Business plan (SSO is not available on lower plans)
- You must be the organisation owner
- Admin access to your IdP to create a new SAML application
- After submitting your config, allow 1โ2 business days for EngageLive to configure Firebase SAML โ we email you when it's ready
- Provider name โ e.g. "Acme Corp Okta"
- Provider type โ SAML 2.0 or OIDC
- Entity ID (Issuer URL) โ from your IdP SAML settings
- SSO URL โ the IdP sign-in endpoint URL
- X.509 Certificate โ paste the public cert in PEM format (with BEGIN/END headers)
- Allowed email domains โ e.g.
acmecorp.com
Step 2 โ Configure your Identity Provider
In your IdP, create a new SAML 2.0 application for EngageLive with these values:
| IdP field | Value |
|---|---|
| ACS URL (Reply URL / Assertion Consumer Service) | https://postlister.com/engagelive/auth/sso_callback.php |
| Entity ID (Audience URI / SP Entity ID) | Provided by EngageLive in the confirmation email |
| Name ID format | EmailAddress |
| Attribute: email | Map to user's primary email address |
| Attribute: displayName | Map to user's full name (optional but recommended) |
| Signature algorithm | RSA-SHA256 |
email โ user.email, displayName โ user.displayName.Azure AD: Create Enterprise Application โ Set up SSO โ SAML. Enter Reply URL and Identifier. Add email and name claims under User Attributes & Claims.
Google Workspace: Admin Console โ Apps โ Web and mobile apps โ Add custom SAML app. Use the ACS URL and Entity ID above.
Just-in-Time (JIT) provisioning
No pre-provisioning is required. When a user from your allowed domain first logs in via SSO, their EngageLive account is auto-created and added to your organisation as a team member. Users who previously had a personal EngageLive account with that email are merged into the organisation on first SSO login.
IP Allowlist
Restricts host login to specific IP addresses or CIDR ranges such as your office network or corporate VPN. Participants are never affected โ they can always join from any network.
203.0.113.0/24 for a subnet, 198.51.100.42 for a single IP.Audit Log
An immutable record of every significant action in your organisation. Entries cannot be edited or deleted โ not even by the organisation owner โ making them suitable for compliance evidence collection.
What gets logged
| Event | Details captured |
|---|---|
| Member invited / accepted / removed | Actor, member email, timestamp, IP |
| Member permissions changed | Actor, member, which permissions changed (before/after) |
| SSO config submitted / updated / disabled | Actor, provider name, timestamp |
| Firebase SSO provider activated by EngageLive admin | Provider ID, timestamp |
| Org branding updated | Actor, which fields changed, timestamp |
| Whitelist enforcement toggled | Actor, new state (ON/OFF), timestamp |
| Whitelist bulk import | Actor, email count added, source (CSV/paste), timestamp |
| Plan upgraded / downgraded | Old plan, new plan, gateway reference, timestamp |
| Session result exported | Actor, session code, export format (PDF/Excel/CSV), timestamp |
| IP Allowlist enabled / disabled | Actor, new state, timestamp |
Accessing and exporting
Account โ Audit Log. Newest entries first. Filter by date range, actor, action type, or resource type. Click Export CSV to download the filtered log.
Data & Privacy
EngageLive is architected to minimise data retention. Only aggregated session results are stored long-term โ individual participant PII is not retained beyond session end unless explicitly exported by the host.
Data retention by plan
| Plan | Session results | Participant PII |
|---|---|---|
| Free (5 participants/session) | 30 days | Deleted at session end |
| Starter | 180 days | Deleted at session end (unless exported) |
| Pro / Business | Unlimited โ lifetime of account | Deleted at session end (unless exported) |
Deleting your data
Export your data (GDPR Article 20)
Download all your data โ session history, activity results, account details โ as a JSON/CSV bundle from Account โ Data & Storage โ Download My Data. Complies with the GDPR right to data portability.
Participant data rights
Participants wanting their data deleted can email support@postlister.com. Since participant PII is not retained beyond session end (only aggregates), most deletion requests are already satisfied. We respond within 72 hours.
DPA Request
A countersigned Data Processing Agreement (DPA) is available for all paid plan customers. Required under GDPR Article 28 for EU/UK organisations where your company is the data controller and EngageLive is the processor.
Frequently Asked Questions
Typically 2โ4 business days. Your part (submitting IdP metadata) takes 15โ30 minutes if you have IdP admin access. EngageLive configures Firebase SAML in 1โ2 business days then emails you. Testing takes another 15โ30 minutes. Budget 3 business days total.
No. Each host's sessions are private. The organisation owner sees team-wide aggregate analytics in Org Analytics, but individual session details are only visible to the host who ran that session โ unless the owner grants "can export results" permission to a specific member.
After downgrading, session results older than the new plan's retention period (30 days for Free) are deleted after a 30-day grace period. Export all session data first via Account โ Data & Storage โ Download My Data.
Plan access continues until end of billing period. No pro-rata refunds for monthly plans. Yearly plans cancelled within 30 days receive a pro-rata refund โ email support@postlister.com.
No. Participants never need an EngageLive account. They join by entering the session code or scanning the QR code. If the host enables email collection or the whitelist, participants enter their email before joining โ but no account creation is ever required.
Any SAML 2.0-compliant Identity Provider. Tested: Okta (SAML 2.0), Azure Active Directory (SAML 2.0), Google Workspace (SAML). OIDC (OpenID Connect) is also supported โ contact support@postlister.com for OIDC-specific setup.
Email support@postlister.com โ subject: "IP Allowlist lockout โ [your account email]". We disable the allowlist within 4 business hours. Prevention: always add your home/VPN IP and a mobile hotspot IP before enabling.
Keep SSO enforcement OFF during testing. Create a test user in your IdP assigned to the EngageLive SAML app, then log in with that user in an incognito window. Only after confirming the full flow works for 2โ3 test users should you enable enforcement. Existing employees can still use their passwords while you test.
Yes. The 500 participant limit is per session, not shared across concurrent sessions. 10 team members can all run simultaneous sessions each with up to 500 participants โ no conflict.
Enterprise Support
Business plan customers receive priority support. Use the right contact for the fastest response.