Administrators

Each vendor and tenant organization can have multiple admins managing its service accounts, KMS configurations, and logging configurations. Each admin has their own account, and they all have equivalent control over their organization’s data. To prevent loss of organizational account access, we strongly recommend inviting at least 3 admins to every organization.

Authentication

Each organization can choose the method of authentication for its administrators: standard username and password, configuration of an Identity Provider (IDP) that supports SAML-based Single Sign On (SSO), or (for tenant organizations) use of a vendor-provided IDP for SSO.

More details on SSO are here.

Audit Notifications

Each admin is able to request audit notifications by setting a toggle on their account management page. When this is set, they will receive plaintext email notifications for actions taken in the Config Broker that affect their organization.

Multi-org admins

A single user can administer multiple organizations. When inviting a new administrator, if the provided email address is already associated with a Configuration Broker account, they will simply be added to the current organization. After logging in, the admin will have a Switch Organization option when expanding out the menu in the top-right corner of the page.

Each organization chooses a method of authentication, so when an admin switches organizations, they will need to reauthenticate using the new organization’s chosen method.