Managing Membership

Adding users, groups and roles

Managing your membership, setting up groups, and assigning users
to roles within your network is vital to long term scale and success.

Managing membership

Once you have decided on your use case for networked enterprise and how users will authenticate, you need to determine your model for member management. Member management defines hows users will be added, removed, and assigned to groups in your hub and spoke sites. 

The Igloo platform supports four methods for managing membership:

  1. ILST: Sync users from your corporate Active Directory (AD).
  2. Invitations: Send an invite to specific users. 
  3. Add members: Add users manually to a hub and/or spoke(s).
  4. Bulk user import: Bulk upload users from a pre-formatted spreadsheet. 
PlaybookTip_Icon.pngPlaybook Tip: Use the ILST tool to sync users
Igloo recommends using ILST to manage site membership when using the Networked Enterprise Edition. The  ILST allows IT Administrators to automatically sync both group and profile data stored in the corporate AD (Microsoft or Azure) to a digital workplace.

Membership rules

The hub

The hub is the central site in the network. Membership to the hub site can be controlled directly, however, whenever a spoke site adds a member, that member is also automatically added to the hub site's [All Members] group. By being in the [All Members] group, users will receive access to any content that has been given to that group. 

Keep in mind: 

  • Members added to spoke sites  are automatically added to the hub
  • Members removed from the hub are also removed from every spoke they belong to
  • Members who have been removed from all spoke sites will still need to be removed from the hub if they are no longer part of the organization.

General access rights within the hub are controlled and managed like any other digital workplace using the following four tools:

  1. Roles
  2. Groups
  3. Individual permissions (however, these should be avoided)
  4. Spaces

Spoke sites

Membership management within a spoke site follows the same rules as any other digital workplace. Administrators and/or Membership Managers (e.g. system roles within the Igloo platform) add, remove, and assign users to groups and roles. This group membership is then used in conjunction with content and location-specific access rules to craft what that group can see and do in a workplace.

For an organization that uses the ILST to manage membership, the following would be typical next steps after having created a new spoke:

  1. Sync users to the spoke. This will allow the IT team to work out any ILST configuration issues.
  2. Create the necessary groups in the spoke. Groups must exist in the spoke before they can be synced to.
  3. Add this group info to the ILST configuration file. Group identifiers are used by ILST to determine where to place a user.
  4. Re-run the sync with group mapping applied. Users should now be placed in the correct groups.
  5. Setup the ILST to run automatically. Running the ILST once every 24 hours is sufficient for most organizations.
  6. Configure the authentication method. With users already in the spoke, it is easier to set up an authentication method.

Membership in multiple spoke sites 

Users can be a member of many different spoke sites within a networked enterprise. Due to how the hub membership interacts with spokes, adding, or revoking users works as follows:

  • Adding a member to a spoke:  Adds the member to the spoke and the hub.
  • Revoking a member from the hub: Removes the member from the hub and all spokes that they were a member of.
  • Revoking a member from a spoke: Removes the member from that spoke only.

Toolkit

Access key resources to get prepared for your networked enterprise solution.

Help

Didn't find what you're looking for? Have a question or feedback?

Viewed 226 times