Add accounts manually

Create accounts in Trelica.

Adding accounts manually is useful if you want to add a small number of accounts or if you want to grant access to someone who does not exist in your identity provider (such as an external contractor or auditor) and therefore cannot use SAML-based SSO.

When you manually add accounts to Trelica, an email notification is sent to the person inviting them to log in. They can log in to the account with an email address and password, or use OpenID Connect for single sign-on with an existing Google or Microsoft account.

Enable login options

By default when a person is invited to log in to Trelica, they set a password for their account. As an alternative you can enable single sign-on (SSO) with OpenID Connect so that an existing account in Google Workspace or Microsoft Entra ID can be used to login.

You can only use SSO with an existing account if the account email address matches the invitation.

To configure the login options:

  1. Select Settings > Accounts to open the Accounts Settings page.
  2. Under Single Sign-On expand SAML options:
    • To allow accounts to log in with their email address and password, select Allow password login.
    • To allow accounts to SSO with an existing Google or Microsoft account, select Allow OpenID Connect.
  3. Select Apply changes.

According to the options you have enabled, the SSO OIDC providers and/or the email address and password options are displayed on the Trelica login page when the new person uses the link to accept their invitation.

On subsequent login attempts, only the option that the account has set up is displayed. Team members can enable alternative login options from their profile page (subject to what is enabled). Team members can access their profile from the profile icon in the top right-hand corner of any page in Trelica. 

Invite team members

You can invite anyone listed in the People directory to log in to Trelica. If you have set up an integration with your identity provider (such as Okta or Google Workspace), everyone in your organization should already be listed in the People directory. If you want to give someone from outside your organization access to Trelica (such as an external auditor), add them to the People directory manually first. This is also useful if you want to create an account for testing. 

To add an account manually:

  1. Open the People directory. The Trelica access column indicates whether or not a person already has a Trelica account.
  2. For each person that you want to invite, select the menu icon and select Invite to Trelica.
  3. Select the Trelica role(s) that you want to give to the account. A summary of the permissions that will be granted to the account is displayed. For more information, see Account roles.
    • If you are inviting someone that has been added to the Owner or IT admin role (or a custom app role) for a managed app, their account is granted the App management role by default. You do not need to select an additional role unless you want to grant their account permissions to other parts of Trelica.
    • If you only want to give someone access to the App catalog, do not select a role. If the App catalog is enabled, then everyone with access to Trelica is granted the App catalog role by default.
  4. Select Invite. An email is sent to the team member, inviting them to complete the registration process. If you have enabled SSO with OpenID Connect, team members will be prompted to log in via your identity provider. Otherwise, they'll be asked to create a password in order to log in.

Remove accounts

When an account holder leaves your organization or changes responsibilities, you may want to revoke their account access to Trelica. If accounts are only able to log in via SSO (either SAML-based or OpenID Connect), then removing the account from the provider will prevent them from logging in to Trelica. You can also revoke their access to Trelica as part of your offboarding process.

To revoke an account's access to Trelica, go to their record in the People directory and from the menu select Edit Trelica access. Alternatively, open the person's details and select Edit access

  • Disable the person's access if you want to be able to restore their access in future. Disabled accounts are still listed as having access to Trelica. 
  • Delete the person's access if you want to remove them as an account from Trelica. This is useful for removing test accounts.

If someone has left your organization, you may want to set an end date in their person record. We do not recommend removing person records, as this will impact historic app usage data.

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.