You can add multiple members to your organizations to allow your users to collaborate and build IoT applications as a team. Members within the organization have roles that specify granular permissions for access to applications and dashboards.
There are five levels of default organization membership:
A member with the None role cannot see any of the contents of an organization. They cannot change or modify anything within the organization. This extends to all assets of the organization.
A member with the Viewer role can see the contents of an organization, including all applications and dashboards owned by that organization, but can not change or modify anything about those applications, dashboards, or the organization itself. This extends into any application as well - with the Viewer role, a user can see devices and workflows inside an org-owned application, but will not be able to modify them.
A member with the Collaborator role can do everything that a member with the Viewer role can do, plus …
- Modify applications or cross-application dashboards, but cannot create new ones or delete existing ones.
- Create, modify, or delete sub-resources within the org-owned application (e.g. devices, workflows, application-owned dashboards).
A member with the Editor role can do everything a member with the Collaborator role can do, as well as create or delete new applications or dashboards in that organization.
At all times, an organization is required to have one member with the Administrator role. A member with the Administrator role can do everything a member with the Editor role can do, plus …
- Modify and manage the organization itself (name, description and icon color)
- Manage organization membership (invite / remove members and change member roles)
- Transfer resources to or from the organization, into or out of their own Sandbox or any organization where they are also an administrator.
- Delete the organization.
Along with default organization roles, members can be assigned roles on a per application or dashboard basis. These granular permissions act as overrides for the member’s assigned default role. The available granular permissions include:
Administrators can view all of the organization’s members. Here each user’s name, email, role, and multi-factor authentication (MFA) status are displayed as well as any actions available for that member. Here, administrators may remove members - including other administrators - by clicking the
Remove icon in the furthest right table column. This does not delete the user’s Losant account; it simply cuts off their access to your organization. Any user removed from an organization can always be re-invited at a later date.
Administrators can change the role of any organization member (other than themselves) from the
Edit Member page. This can be accessed by clicking on the member’s email on either the
Organization Overview or the
Current Members screen. The user’s current role is displayed in a drop-down box below their user info. Below this, administrators may also set the member’s granular permissions. Here administrators may select an individual application/dashboard as well as a permission that only applies to the selected asset. Simply select a new role for the user and optionally any granular permissions and click the
Update Member button in the footer to complete the changes.
Administrators can remove any current organization member – including other administrators – by clicking the
Remove Member button in the footer and then confirming the action.
Administrators can also view the multi-factor authentication (MFA) status of each member. The possible states of MFA are:
- SSO Managed - The member is using single sign-on (SSO) for authentication and whether they have enabled MFA through that account is unknown to Losant.
- Enabled - The member authenticates directly with Losant and they have MFA enabled on their account.
- Not Enabled - The member authenticates directly with Losant and they do not have MFA enabled.
If desired, organization administrators can set MFA requirements for membership in the organization.
To view all organization members’ permissions for a given application, navigate to the application’s
Permissions tab within
Application Info. This page allows viewing the full list of organization members, their role, and, if applicable, their overridden application specific role. Users with an overridden role will be highlighted yellow in the table.
Note: Application permissions are only visible to organization administrators.
To invite a new member, click the
Add Member button at the top right of the table. This can also be done from the
Organization Overview screen. This will navigate you to the
New Member screen. Here simply input the new member’s email in the provided box, choose a default permission, and optionally choose any granular permissions to assign. Then, simply click the
Send Invite button in the bottom left to send the invitation.
Note: The selected default permission and any granular permissions are unable to be changed while the invitation is pending. Once the user has accepted the invitation, these can be changed.
Pending invitations are limited by the maximum number of members your organization can have. For example, if your organization can have a maximum of five members, and the organization already has three members, you may only have two pending invitations open at any time.
Each of your invitees will receive an email with instructions on how to join your organization. If they already have a Losant account with a verified email address, they will also see a notification of the pending invitation in their sandbox, from which they can accept or reject the invitation. If they do not already have a Losant account, they can create one as part of the invitation acceptance process.
Once a user is invited, administrators may view the details of the invitation from the
Invite Details screen. This can be accessed by clicking on the email of the invitee from either the
Organization Overview or
Pending Invitations screen.
To revoke a pending invitation, click
Revoke Invitation to the right of the invited user’s email and confirm this action. Administrators may also revoke any invitation from the
Members screen by clicking the
Remove icon in the furthest right table column. If you need to change any of the invitee’s roles, you will either have to wait for the user to accept the invitation and then change their access, or you will have to revoke the current invitation and send the user a new one.
Any invitation that was not accepted after seven days has expired. Invitations in this state do not count against your new invitation limit. Invitees whose invitation has expired can no longer join your organization, but can always be sent a new invitation (or a renewal).
Any pending or expired invitation can be renewed by clicking the
Renew link on either the
Members screen or the
Individual Invite screen. This resets the timer on the invitation’s seven-day expiration timeline, and any expired invitation’s link is once again valid.
You may leave an organization at any time by clicking the
Leave Organization button on the organization overview screen, except under the following circumstances:
- You are an Administrator of the organization, AND
- There are no other Administrators for the organization
In those circumstances, you will have to change the permission of an existing organization member to
Administrator, and then you may depart the organization.
Leaving an organization will not cancel your Losant account. No resources will be removed from your Sandbox or any organization you are a member of (including the organization you just left). At any time, a member of your recently departed organization can invite you to re-join the organization. Should you accept the invitation, you will re-enter the organization at the new invitation’s permission level.
Was this page helpful?
Still looking for help? You can also search the Losant Forums or submit your question there.