Account and Users Management
Terminology
To start working with flexiManage, a user (identified by their e-mail address) should create an account and one or more organizations. The system allows multi-tenancy and defines Accounts and Organizations as described further on this page. The email used for creating the Account will be the owner (you may add more users as owners) and billing email of the account. You may consider using an email alias when opening the Account.
Account
An entity that allows managing multiple separate networks. A network that includes flexiEdge devices, tunnels and other configurations is associated with an Organization. A User in an Account can create multiple Organizations that belong to that Account. An example of an Account is a Managed Service Provider (MSP) or a System Integrator (SI) that manages multiple networks for different customers.
The Account is the billing entity. All Organizations of the Account are billed at the Account level and through the payment method of the Account.
Group
Group of multiple networks / organizations. Used to assign management permission as a group. Every organization is associated with one group.
Organization
An entity that includes all the network inventory and configuration, usually a single enterprise with a single network. It is possible to connect tunnels between Devices of the same Organization, but different Organizations (even under the same account) are not connected; hence, it is not possible to create a Tunnel between a Device in Organization A and a Device in Organization B. All network management is done in the scope of an Organization, and therefore an organization must be created to manage a network.
The relationship between Account, Group, and Organization is shown in the following chart:
Roles and Permissions
A user in the system is granted access to a resource (Account, Group, or Organization) with permissions according to their role. The permissions are derived from three parameters:
Permission To
Defines which type of resource is permitted: Account, Organization, or Group
Entity
The name of the account, organization or group
Role
Defines the permissions allowed for every operation on the resource: Owner, Manager, or Viewer
Based on the permission level, a user is allowed to perform various operations on the resource. The user that creates an account becomes the account owner and can invite other users to access resources on his account with different permission levels.
When granting access to an account, the Owner, Manager, or Viewer role can be set. Each role grants different permission levels as follows:
Account Roles:
Owner:
Update the account
Handle billing aspects
Create/Update Organizations
Add/Update/Delete users to the account or organizations
Change user permissions
Manage all organizations
Manager:
Create/update organizations
Add/Update/Delete users to the account (only to permissions below the Manager) or organizations
Change user permissions
Manage all organizations
Viewer:
View all organizations
Organization or Group Roles:
Manager:
Manage organization
Add/Update/Delete users to the organization
Change user permissions
Viewer:
See devices and network status
See network reports
The following figure shows an example of multiple users with various roles.
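For reviewing who ends up with access to which organization, the grant triple described above (Permission To, Entity, Role) can be modelled offline. The Python below is an added example, not flexiManage code or its API; all names and sample data are hypothetical, and it assumes that when several grants cover the same organization the highest role applies.

```python
# Added illustration: a local model of the documented grant triple
# (Permission To, Entity, Role). Not flexiManage code or its API.
from dataclasses import dataclass

RANK = {"viewer": 1, "manager": 2, "owner": 3}

@dataclass(frozen=True)
class Grant:
    user: str
    permission_to: str   # "account", "group" or "organization"
    entity: str          # name of the account, group or organization
    role: str            # "owner", "manager" or "viewer"

@dataclass(frozen=True)
class Org:
    name: str
    group: str           # every organization is associated with one group
    account: str

def effective_role(user, org, grants):
    """Strongest role `user` holds on `org` through any grant that covers it.
    Assumption (not stated on the page): the highest applicable role wins."""
    scope = {"account": org.account, "group": org.group, "organization": org.name}
    roles = [g.role for g in grants
             if g.user == user and scope.get(g.permission_to) == g.entity]
    return max(roles, key=RANK.__getitem__, default=None)

def can_assign_account_role(actor_role, new_role):
    """Account Owner may assign any role; Account Manager only roles below Manager."""
    if actor_role == "owner":
        return True
    return actor_role == "manager" and RANK[new_role] < RANK["manager"]

# Constructed sample data (all names hypothetical)
ORGS = [Org("org-a", "group-1", "msp"), Org("org-b", "group-2", "msp")]
GRANTS = [
    Grant("alice@example.com", "account", "msp", "owner"),
    Grant("bob@example.com", "group", "group-1", "manager"),
    Grant("bob@example.com", "organization", "org-b", "viewer"),
    Grant("carol@example.com", "account", "msp", "viewer"),
]

def access_matrix(grants=GRANTS, orgs=ORGS):
    users = sorted({g.user for g in grants})
    return {(u, o.name): effective_role(u, o, grants) for u in users for o in orgs}

if __name__ == "__main__":
    for (user, org), role in access_matrix().items():
        print(f"{user:20} {org:6} {role}")
```

A `None` result means no grant reaches that organization, which is the expected outcome for a user who was never invited to the account, the group, or the organization.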