Managing your organization
This guide describes what organizations are, how they work, and how to get started as a organization admin.
To get started with organizations, ensure that you meet the following prerequisites:
- You must have an active Advanced Plus subscription or higher.
- You must have the GlobalAdmin role assigned to your account.
When you sign up with stellarbridge at the Advanced Plus subscription level or higher, a user account of your choosing is added as the organization admin and can create and manage organizations. The organization admin can also invite other users to join the organization and assign them the roles.
It is recommended that the organization admin, and any other users with the GlobalAdmin role, set up their account under a dedicated email which is separate from their licensed email.
When an admin creates an organization, they must specify a domain. This domain is used to uniquely identify organizations. Organizations can also be used to restrict invites to users with an email with a specific domain. For example, if the domain is stellarbridge.com, then users with an email with the stellarbridge.com domain can join the organization.
The organization name is used to identify the organization in the UI.
| Option | Description |
|---|---|
| Domain-only Invites | Only users with an email with the organization domain can be invited. |
| Required TOTP | Users will be required to set up a TOTP device before they can join the organization. |
| Password Max Length | The maximum length of the password. |
| Password Min Length | The minimum length of the password. |
The following features are available for organizations:
- Invitations
- Users
- Roles
- Transfer Management
- Audit Logs
- Billing
Stellarbridge provides several features for managing users in your organization.
Adding a user to the organization can be done by:
- Go the Organization
- On the right-hand side card titled
Organization Usersclick type in an email into the invite box - Click
Invite
Org domains and user invites If you have domain-only invites enabled, users with email addresses belonging to a non-org domain will not be able to be invited.
When a new user is added to an organization, they are automatically configured with a default permission set that is limited in scope. By default, users are provided with the OrgUser role (user:org). If users require permissions not covered in this role, an admin with appropriate permissions will need to configure additional permissions. For more info on the OrgUser role, see here.
- Go the Organization
- On the right-hand side card titled
Organization Usersselect the elipses next to the user you want to remove - Click
Remove from org
- Go the Organization
- On the right-hand side card titled
Organization Usersselect the elipses next to the user you want to remove - Click
Settings - Select the new role from the popup
- Click
Save
| Feature | Description |
|---|---|
| Domain-only invite | This setting controls whether users with email belonging to a non-org domain can be invited |
Stellarbridge provides a mechanism by which administrators can enforce the principles of least privilege across their user base.
| Role | Permissions | References |
|---|---|---|
| BridgeUser | Bridge user - can upload, download, and manage transfers | |
| GlobalAdmin | Global admin role - access to everything | |
| OrgUser | Org user - basic user access to uploads, streams, transfer history and organization overview | |
| RoleAdmin | Role admin - can manage roles and permissions that are assigned to users within an or | |
| SecurityAnalyst | Security analyst - can view security reports | |
| UploadUser | Upload user - can upload and manage their uploads |
Role stability As stellarbridge evolves and new features are added, admins should expect new roles to be added.
{role=“note”}