Advanced Operations

Administrator access, single sign on (SSO), and member expiration periods.

1: Manage Organization Administrators
2: Managing Single Sign-On for Organization
3: Setting Member Expiration Period

1 - Manage Organization Administrators

Add, remove, and update members responsible for managing an organization

Organizations in PlaidCloud provide a top level area to control options such as single sign-on and member access capabilities. Organizations each contain at least one workspace, which allows workspaces to serve as the main level of tenant separation within PlaidCloud. A workspace helps to align teams with specific areas of interest and isolate access as appropriate. PlaidCloud allows Organizations to have an unlimited number of workspaces.

Managing Organization Administrators

Each Organization in PlaidCloud can assign multiple administrators. Administrators have special privileges to control the Organization. They can do things such as manage billing, update access management, and perform workspace management. To manage administrators:

Select the “Organization Settings” menu from the top right of screen
Click “Administrators”

This will display the table of current administrators. After the table opens, you may add new administrators, delete existing administrators, or alter administrative privileges.

Adding an Administrator

To add an administrator:

Select the “Organization Settings” menu from the top right of screen
Click “Administrators”
Click the “Add Organization Administrator” button
Complete the required fields
Click “Add as Administrator”

Deleting an Administrator

To delete an administrator:

Select the “Organization Settings” menu from the top right of screen
Click “Administrators”
Click the delete icon of the desired administrator
Confirm and click “Delete as Administrator”

2 - Managing Single Sign-On for Organization

Set up SAML 2.0 authorization along with attribute passing

Each Organization can have a custom url (https://plaidcloud.com/sso/<custom_name_here>) for members to access the single sign-on page you specified in the configuration.

Note: Single Sign-On uses SAML 2.0 protocols and is set up through the user interface.

To create a custom URL:

Select the “Organization Settings” menu from the top right of screen
Click “Single Sign-On Security Credentials”
Adjust the Single Sign-On URL as desired
Click “Update Organization SSO Settings”

Allow Creation of Users Automatically

If Single Sign-On is enabled, you can choose to automatically create members based on successful Single Sign-On authentication. New members will receive the default workspace and security roles specified in the Organization settings. To automatically create members:

Select the “Organization Settings” menu from the top right of screen
Click “Organization and User Settings”
Check the “Create Users Automatically from Single Sign-On” box
Choose the desired default workspace

Use of this feature greatly simplifies member management because new members will automatically have access without any additional setup in PlaidCloud. Similarly, if members are removed from the Single Sign-On facility, they will no longer have access to PlaidCloud.

Allow Security Group Assignments from Single Sign-On

If Single Sign-On is enabled, you can choose to pass a group association list along with the positive authentication message. The list’s items will be used to assign a member to the specified groups and remove them from any not specified. This is an effective way to manage security group assignments by using a central user management service such as Active Directory or other LDAP service.

Note: If a member is marked as an administrator within a workspace, they will continue to have full access to that workspace regardless of the specific role they may be assigned through this automated process.

If this option is enabled, security roles will be assigned using the supplied list the next time a member signs in. If the option is disabled, existing members will retain their current security roles until manually updated within PlaidCloud.

3 - Setting Member Expiration Period

Set member logins to expire after a specified period and remove from organization

If retaining inactive members within PlaidCloud is not desired, members can be set for automatic removal from the Organization after a specified period of inactivity using the expiration capabilities PlaidCloud offers. This automated removal of dormant members can be set as short as one day, if desired.

Note: Setting this option to zero (0) indicates no automated removal will occur for the Organization.

To set expiration of members:

Select the “Organization Settings” menu from the top right of screen
Click “Organization and User Settings”
Set the desired number of days until expiration
Click Update