Administrating Organizations, Workspaces, and Roles

The following document covers managing your top level Organization, inviting your users, set policy items, then create your workspaces, assigning membership to those workspaces and defining their roles.

How Organizations and Workspaces work in Tessl

Organizations are top level entities, often representing the billing or corporate entity, with a subcategory called Workspaces that provide role-based access to the various users across the company.

Relationship between Roles, Workspaces and CLI

Certain actions, like evaluations and publishing are performed from the CLI to the Tessl platform, and your users ability to perform these functions will depend on the Roles assigned, and Workspace they have associated with the task they are trying to accomplish. Similarly access to skills, and certain features in the web interface will also be determined by what Organization or Workspaces are selected and the roles associated with the user and the selected Workspaces.

When creating Plugins, publishers will publish plugins to the Workspaces they have access to Publish to, similarly Consumers or other roles can search for Plugins that are public or in a workspace where they have permissions.

Navigating Organizations

If you have access to an Organization, or multiple Organizations, clicking your account on the bottom left will display an interface that allows switching. If you do not yet have an organization or been invited to one, you may be prompted to create one.

Setting up your Tessl Organization

Organizations are sometimes created during the presales phase of acquiring Tessl, or may be created later. If one has not been created, it will be auto created when you create your first workspace.

The workspace should now be visible from the main interface

The organization can now be observed from by clicking your Account, where your name is displayed, on the bottom left. Once created, navigate to Settings for your Organization,

Rename the organization to your company name and specify if users can publicly share skills by enabling the button.

Creating and managing Users in Tessl (Non-SSO)

Next, invite users to your organization, by navigating to the Organization’s Members menu, assigning the workspaces the users will have access to.

Users will be created with the role that you specify for the workspaces you specified. Permissions can be promoted from the Workspace Members menu, which will be discussed later below. Note that users will need to accept the invite they are sent before you can edit them further.

Creating and managing Users in Tessl (SAML based SSO)

Users are created in the system once they visit Tessl with a default Organization Member role, without permissions to the different workspaces. An administrator would modify the user permissions once the user is created in the system by visiting each workspace and editing with the workspace level Members menu.

Org Level User Permissions

Users are provisioned on their first login. Once a user is created, you can elevate a user to Admin to allow workspace creation or manage users. To do so, navigate to the Organization Members screen, and click the three dots under Actions. Assign an appropriate role. Examples will be provided below of some common configurations.

Admin keys

Admin keys are for integrations and applications where programmatic access is required across workspaces. This is typically used for automation purposes and an expiration can be set up to one year.

Managing Workspaces and Users in Tessl

Click the workspace drop-down to navigate to the desired workspace. Navigate to Members at the workspace level to specify Roles for users who require more capabilities within the workspace, such as running evaluations, publishing or managing users.

To modify a user, search for their name, select their checkbox, a role, and click the Add button.

Example role configurations for your team(s)

The following users demonstrate common configurations and roles that may be used when rolling Tessl out:

Samira - Org. Admin

Samira, the administrator and skills champion, needs the ability to manage all workspaces, the ability to assign users, and create new workspaces. Make her an Organization admin.

Jennifer - Manager

Jennifer may require the ability to add users to a workspace that she owns, publish, and possibly need the ability to remove other managers etc. Typically the workspace permission "Owner" or "manager" may be given to that user, depending on the need to remove other "owners" or delete workspace.

Eddie - Lead Engineer

Another user, Eddie, might be a member of an engineering workspace. He needs to be able to use plugins (skills) that have been published, but may need to have access to publish skills within the engineering workspace for others on his team. This could mean Eddie is the publisher role in certain workspaces. He may also be a Member role of other workspaces where he only needs to search and install from.

Joe - New hire engineer

Finally, Joe, a new hire, has the ability to search and install skills from the engineering workspace, but does not have the ability to share/create skills until later, after they’ve gained a little more experience. Joe would be made a member of “engineering” with just a “consumer” role.