Organizations

Shared resources and caches across users, projects, and settings

Organizations form the basis of collective state within Buildless, across users, projects, and settings. Orgs are also referred to as "tenants."

About Organizations

In general, Organizations facilitate powerful team-wide features within Buildless. Caches can easily be shared across orgs, along with settings, replication, authorization, and more.

Capabilities

Organizations:

  • Can invite any Buildless user to join
  • Can create "managed" users, for instance, synchronized with a directory via SCIM
  • Can automatically share access to caches across an organization
  • Can create organization-level cache projects
  • Can invite IT and finance users to manage auth or billing features

Org-owned Projects

Organizations can own Projects, which are, by default, accessible to all users who are members of an org. Projects have a range of settings which control access and propagation.

Access controls

The following access levels are available to organization-owned projects:

  • INTERNAL: Projects which are considered org-private. "Internal" projects, by default, share access controls within the organization, and allow any org user with sufficient access privileges to read or write cached objects.
  • PRIVATE: Projects which are controlled within an organization. "Private" projects enforce explicit access requirements, with no defaults for an organization.
  • PUBLIC: Projects which allow public reads. "Public" projects allow any connected client to read cache objects associated with this project. This mode is well suited for collaborative or open source projects.

The default access mode for org-owned projects is INTERNAL.
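
The access levels above can be modeled as a small decision function, which is handy when reviewing which projects are exposed to anonymous readers. This is an added example, not Buildless code: the `Project` and `User` records, the `grants` map, the "read"/"write" privilege names, and the rule applied to writes on PUBLIC projects are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

LEVELS = ("INTERNAL", "PRIVATE", "PUBLIC")  # access levels named on this page

@dataclass
class Project:                      # hypothetical record, not a Buildless type
    name: str
    org: str
    access: str = "INTERNAL"        # page: default mode for org-owned projects
    grants: dict = field(default_factory=dict)  # user name -> set of actions

@dataclass
class User:                         # hypothetical record, not a Buildless type
    name: str
    orgs: frozenset = frozenset()
    privileges: frozenset = frozenset()  # assumed org-level "read"/"write"

def allowed(user, project, action):
    """Decide read/write for `user`; pass user=None for an anonymous client."""
    if action not in ("read", "write") or project.access not in LEVELS:
        return False                # fail closed on unknown input
    if project.access == "PUBLIC" and action == "read":
        return True                 # public reads for any connected client
    if user is None:
        return False
    explicit = action in project.grants.get(user.name, set())
    if project.access == "PRIVATE":
        return explicit             # explicit grants only, no org default
    # INTERNAL: org members with sufficient privileges. Writes to PUBLIC
    # projects are assumed to follow the same rule (the page does not say).
    return explicit or (project.org in user.orgs and action in user.privileges)

def anonymously_readable(projects):
    """Names of projects any connected client can read, for exposure review."""
    return [p.name for p in projects if allowed(None, p, "read")]

# Constructed sample inventory.
alice = User("alice", frozenset({"acme"}), frozenset({"read", "write"}))
bob = User("bob")                   # not a member of "acme"
projects = [
    Project("build-cache", "acme"),
    Project("release-cache", "acme", "PRIVATE", {"alice": {"read"}}),
    Project("oss-cache", "acme", "PUBLIC"),
]

if __name__ == "__main__":
    for p in projects:
        print(p.name, p.access, allowed(alice, p, "write"), allowed(bob, p, "read"))
    print("anonymously readable:", anonymously_readable(projects))
```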

User Management

Organizations have several options for managing users:

  • Any Buildless individual user can be invited to an organization and granted permissions
  • Organizations can create managed users, which only exist within the scope of their org

Inviting Users

For minimal management overhead, smaller orgs are encouraged to use the invite-based flow, which is supported for any Buildless user account. Users should be encouraged to log in however they are most comfortable, ideally via GitHub, so that source control integration doesn't need additional linkage.

Who can invite users?

Any member of an organization with at least ADMIN privileges, or IT_ADMIN privileges, can create and manage user accounts.

Managed Users

For larger organizations that want seamless integration, SCIM and SSO technologies are supported. Managed Users are user accounts which are managed by org administrators.

How Managed Users Work

Managed users are provisioned and controlled entirely by org administrators, and do not exist outside of a Buildless org. As a result, some features are not available on the wider Buildless platform for managed users:

  • Managed users cannot be invited to other orgs at this time
  • Managed users cannot create public projects without administrator permission
  • Managed users are entirely managed by customer systems, through technologies like SAML and SCIM
  • Managed users can be mixed with invited users in an organization

Identity & Provisioning

Buildless supports the following auth and provisioning scenarios:

| Identity | Provisioning |
|---|---|
| ✅ SAML, version 2.0 | ✅ SCIM, version 2.0 |
| ✅ WSFederate | ✅ On-demand provisioning |
| ✅ Google Workspace | |
| ✅ Microsoft Azure AD | |
| ✅ OIDC-compliant IDP | |

Provider support matrix

See below for identity and provisioning support by provider:

| Provider | SSO | Provisioning |
|---|---|---|
| Google Workspace | ✅ Supported (SAML or OIDC) | ✅ Supported (SCIM) |
| Microsoft Azure AD | ✅ Supported (SAML + OIDC) | ✅ Supported (SCIM) |
| Okta | ✅ Supported (SAML) | ✅ Supported (SCIM) |
| OneLogin | ✅ Supported (SAML) | ✅ Supported (SCIM) |
| PingFederate | ✅ Supported (SAML) | 🚧 Talk to us |