# Administrating Organizations, Workspaces, and Roles

The following document covers managing your top level Organization, inviting your users, set policy items, then create your workspaces, assigning membership to those workspaces and defining their [roles](https://docs.tessl.io/reference/roles).

## How Organizations and Workspaces work in Tessl <a href="#how-organizations-and-workspaces-work-in-tessl" id="how-organizations-and-workspaces-work-in-tessl"></a>

**Organizations** are top level entities, often representing the billing or corporate entity, with a subcategory called **Workspaces** that provide role-based access to the various users across the company.

<figure><img src="/files/6T6kHoxVsJXY5c8pzrIw" alt=""><figcaption></figcaption></figure>

## Relationship between Roles, Workspaces and CLI <a href="#setting-up-your-tessl-organization" id="setting-up-your-tessl-organization"></a>

Certain actions, like evaluations and publishing are performed from the CLI to the Tessl platform, and your users ability to perform these functions will depend on the Roles assigned, and Workspace they have associated with the task they are trying to accomplish. Similarly access to skills, and certain features in the web interface will also be determined by what Organization or Workspaces are selected and the roles associated with the user and the selected Workspaces.

When creating Plugins, publishers will publish plugins to the Workspaces they have access to Publish to, similarly Consumers or other roles can search for Plugins that are public or in a workspace where they have permissions.

## Navigating Organizations <a href="#setting-up-your-tessl-organization" id="setting-up-your-tessl-organization"></a>

If you have access to an Organization, or multiple Organizations, clicking your account on the bottom left will display an interface that allows switching. If you do not yet have an organization or been invited to one, you may be prompted to create one.

\
![](/files/EmTHFtFsIljDRFuEtsBN)

## Setting up your Tessl Organization <a href="#setting-up-your-tessl-organization" id="setting-up-your-tessl-organization"></a>

Organizations are sometimes created during the presales phase of acquiring Tessl, or may be created later. If one has not been created, it will be auto created when you create your first workspace.

{% hint style="info" %}
If prompted, click **Create workspace** and name it after your team (i.e. ***Your Company name - Engineering***) to start.\
\
Note workspace names must be unique at this time, and will appear in plugin-names when searched. This is most notable if the plugins are published publicly.
{% endhint %}

<figure><img src="/files/empo5mDwkJLsDwn4eItJ" alt="" width="155"><figcaption></figcaption></figure>

The workspace should now be visible from the main interface

<figure><img src="/files/q9sUXKO0Pua07y6B8MMT" alt="" width="265"><figcaption></figcaption></figure>

The organization can now be observed from by clicking your Account, where your name is displayed, on the bottom left

<figure><img src="/files/QCLxJN0tjKqYkLBPY2Uh" alt="" width="251"><figcaption></figcaption></figure>

Once created, navigate to **Settings** for your Organization, rename the organization to your company name and specify if users can publicly share [skills](https://docs.tessl.io/create/creating-skills) by enabling the button.

<figure><img src="/files/ZdqSh35ewnMSsaltTm1L" alt="" width="375"><figcaption></figcaption></figure>

### Creating and managing Users in Tessl (Non-SSO) <a href="#creating-and-managing-users-in-tessl" id="creating-and-managing-users-in-tessl"></a>

Next, invite users to your organization, by navigating to the Organization’s **Members** menu, assigning the workspaces the users will have access to. Users will be created with the **Members** role, able to see, search and install skills, generate API keys from the chosen workspaces. Permissions can be promoted from the Workspace **Members** menu, which will be discussed later below. Users will need to accept the invite they are sent.

<figure><img src="/files/NJxfKVRuZ3nolTpeGdmV" alt=""><figcaption></figcaption></figure>

### Creating and managing Users in Tessl (SAML based SSO) <a href="#creating-and-managing-users-in-tessl" id="creating-and-managing-users-in-tessl"></a>

Users are created in the system once they visit Tessl with a default Organization Member role, without permissions to the different workspaces. An administrator would modify the user permissions once the user is created in the system by visiting it.

### Org Level User Permissions

Users are provisioned on their first login. Once a user is created, you can elevate a user to Admin to allow workspace creation or manage users. To do so, navigate to the Organization **Members** screen, and click the three dots under **Actions.** Assign an appropriate role. Examples will be provided below of some common configurations.

<figure><img src="/files/VlliY17eRE7Zr0gmA87c" alt="" width="218"><figcaption></figcaption></figure>

### Admin keys <a href="#admin-keys" id="admin-keys"></a>

Admin keys are for integrations and applications where programmatic access is required across workspaces. This is typically used for automation purposes and an expiration can be set up to one year.

<figure><img src="/files/TGbO0WochNRDbkuwHDvU" alt=""><figcaption></figcaption></figure>

### Managing Workspaces and Users in Tessl <a href="#managing-workspaces-and-users-in-tessl" id="managing-workspaces-and-users-in-tessl"></a>

Click the workspace drop-down to navigate to the desired workspace. Navigate to **Members** at the workspace level to specify [Roles](https://docs.tessl.io/reference/roles) for users who require more capabilities within the workspace, such as running evaluations, publishing or managing users.

<figure><img src="/files/cDWsrkRxl6dhYMxuH2a2" alt="" width="271"><figcaption></figcaption></figure>

To modify a user, search for their name, select their checkbox, a [role](https://docs.tessl.io/reference/roles), and click the **Add** button.

<figure><img src="/files/PlVyRj1YG14zeZElSKSr" alt=""><figcaption></figcaption></figure>

### Example role configurations for your team(s) <a href="#example-role-configurations-for-your-team-s" id="example-role-configurations-for-your-team-s"></a>

The following users demonstrate common configurations and [roles](https://docs.tessl.io/reference/roles) that may be used when rolling Tessl out:

#### Samira - Org. Admin <a href="#samira-org-admin" id="samira-org-admin"></a>

**Samira**, the administrator and skills champion, needs the ability to manage all workspaces, the ability to assign users, and create new workspaces. Make her an Organization admin.

<figure><img src="/files/CErsU2qalWc0gegtLnMk" alt=""><figcaption></figcaption></figure>

#### Jennifer - Manager <a href="#eddie-lead-engineer" id="eddie-lead-engineer"></a>

Jennifer may require the ability to add users to a workspace that she owns, publish, and possibly need the ability to remove other managers etc. Typically the workspace permission "Owner" or "manager" may be given to that user, depending on the need to remove other "owners" or delete workspace.

#### Eddie - Lead Engineer <a href="#eddie-lead-engineer" id="eddie-lead-engineer"></a>

Another user, **Eddie**, might be a member of an engineering workspace. He needs to be able to use plugins (skills) that have been published, but may need to have access to publish skills within the engineering workspace for others on his team. This could mean Eddie is the publisher [role](https://docs.tessl.io/reference/roles) in certain workspaces. He may also be a Member role of other workspaces where he only needs to search and install from.

<figure><img src="/files/KaCHviWwYi3d4okHKiBN" alt=""><figcaption></figcaption></figure>

#### Joe - New hire engineer <a href="#joe-new-hire-engineer" id="joe-new-hire-engineer"></a>

Finally, Joe, a new hire, has the ability to search and install skills from the engineering workspace, but does not have the ability to share/create skills until later, after they’ve gained a little more experience. Joe would be made a member of “engineering” with just a “consumer” role.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.tessl.io/administrators/administrating-organizations-workspaces-and-roles.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.