Organization Members
You can add multiple members to your organizations to allow your users to collaborate and build IoT applications as a team. Members within the organization have roles that specify granular permissions for access to applications and dashboards.
Member Roles
There are five levels of default organization membership:
None
A member with the None role cannot see any of the contents of an organization. They cannot change or modify anything within the organization. This extends to all assets of the organization.
Viewer
A member with the Viewer role can see the contents of an organization, including all applications and dashboards owned by that organization, but can not change or modify anything about those applications, dashboards, or the organization itself. This extends into any application as well - with the Viewer role, a user can see devices and workflows inside an org-owned application, but will not be able to modify them.
Collaborator
A member with the Collaborator role can do everything that a member with the Viewer role can do, plus …
- Modify applications or cross-application dashboards, but cannot create new ones or delete existing ones.
- Create, modify, or delete sub-resources within the org-owned application (e.g. devices, workflows, application-owned dashboards).
Editor
A member with the Editor role can do everything a member with the Collaborator role can do, as well as create or delete new applications or dashboards in that organization.
Administrator
At all times, an organization is required to have one member with the Administrator role. A member with the Administrator role can do everything a member with the Editor role can do, plus …
- Modify and manage the organization itself (name, description and icon color)
- Manage organization membership (invite / remove members and change member roles)
- Transfer resources to or from the organization, into or out of their own Sandbox or any organization where they are also an administrator.
- Delete the organization.
Along with default organization roles, members can be assigned roles on a per application or dashboard basis. These granular permissions act as overrides for the member’s assigned default role. The available granular permissions include:
- None
- Viewer
- Collaborator
Managing Existing Members
Administrators can view all of the organization’s members. Here each user’s name, email, role, and multi-factor authentication (MFA) status are displayed as well as any actions available for that member. Here, administrators may remove members - including other administrators - by clicking the Remove
icon in the furthest right table column. This does not delete the user’s Losant account; it simply cuts off their access to your organization. Any user removed from an organization can always be re-invited at a later date.
Administrators can change the role of any organization member (other than themselves) from the Edit Member
page. This can be accessed by clicking on the member’s email on either the Organization Overview
or the Current Members
screen. The user’s current role is displayed in a drop-down box below their user info. Below this, administrators may also set the member’s granular permissions. Here administrators may select an individual application/dashboard as well as a permission that only applies to the selected asset. Simply select a new role for the user and optionally any granular permissions and click the Update Member
button in the footer to complete the changes.
Administrators can remove any current organization member – including other administrators – by clicking the Remove Member
button in the footer and then confirming the action.
Multi-Factor Authentication
Administrators can also view the multi-factor authentication (MFA) status of each member. The possible states of MFA are:
- SSO Managed - The member is using single sign-on (SSO) for authentication and whether they have enabled MFA through that account is unknown to Losant.
- Enabled - The member authenticates directly with Losant and they have MFA enabled on their account.
- Not Enabled - The member authenticates directly with Losant and they do not have MFA enabled.
If desired, organization administrators can set MFA requirements for membership in the organization.
Viewing Application Permissions
To view all organization members’ permissions for a given application, navigate to the application’s Permissions
tab within Application Info
. This page allows viewing the full list of organization members, their role, and, if applicable, their overridden application specific role. Users with an overridden role will be highlighted yellow in the table.
Note: Application permissions are only visible to organization administrators.
Inviting New Members
To invite a new member, click the Add Member
button at the top right of the table. This can also be done from the Organization Overview
screen. This will navigate you to the New Member
screen. Here simply input the new member’s email in the provided box, choose a default permission, and optionally choose any granular permissions to assign. Then, simply click the Send Invite
button in the bottom left to send the invitation.
Note: The selected default permission and any granular permissions are unable to be changed while the invitation is pending. Once the user has accepted the invitation, these can be changed.
Pending invitations are limited by the maximum number of members your organization can have. For example, if your organization can have a maximum of five members, and the organization already has three members, you may only have two pending invitations open at any time.
Each of your invitees will receive an email with instructions on how to join your organization. If they already have a Losant account with a verified email address, they will also see a notification of the pending invitation in their sandbox, from which they can accept or reject the invitation. If they do not already have a Losant account, they can create one as part of the invitation acceptance process.
Once a user is invited, administrators may view the details of the invitation from the Invite Details
screen. This can be accessed by clicking on the email of the invitee from either the Organization Overview
or Pending Invitations
screen.
To revoke a pending invitation, click Revoke Invitation
to the right of the invited user’s email and confirm this action. Administrators may also revoke any invitation from the Members
screen by clicking the Remove
icon in the furthest right table column. If you need to change any of the invitee’s roles, you will either have to wait for the user to accept the invitation and then change their access, or you will have to revoke the current invitation and send the user a new one.
Expired Invitations
Any invitation that was not accepted after seven days has expired. Invitations in this state do not count against your new invitation limit. Invitees whose invitation has expired can no longer join your organization, but can always be sent a new invitation (or a renewal).
Renewing Expired Invitations
Any pending or expired invitation can be renewed by clicking the Renew
link on either the Members
screen or the Individual Invite
screen. This resets the timer on the invitation’s seven-day expiration timeline, and any expired invitation’s link is once again valid.
Leaving an Organization
You may leave an organization at any time by clicking the Leave Organization
button on the organization overview screen, except under the following circumstances:
- You are an Administrator of the organization, AND
- There are no other Administrators for the organization
In those circumstances, you will have to change the permission of an existing organization member to Administrator
, and then you may depart the organization.
Leaving an organization will not cancel your Losant account. No resources will be removed from your Sandbox or any organization you are a member of (including the organization you just left). At any time, a member of your recently departed organization can invite you to re-join the organization. Should you accept the invitation, you will re-enter the organization at the new invitation’s permission level.
Was this page helpful?
Still looking for help? You can also search the Losant Forums or submit your question there.