Create user accounts in Trelica.
Adding users manually is useful if you want to add a small number of users or if you want to grant access to someone who does not exist in your identity provider (such as an external contractor or auditor) and therefore cannot use SAML-based SSO.
When you add users to Trelica manually, an email notification is sent to the user inviting them to log in. Users can log in with an email address and password, or use OpenID Connect for single sign-on with an existing Google or Microsoft account.
Enable login options
By default when a user is invited to log in to Trelica, they set a password for their account. As an alternative you can enable single sign-on (SSO) with OpenID Connect so that users can log in with an existing account in Google Workspace or Microsoft Entra ID.
Users can only use SSO with an existing account if the account email address matches the email address on the invitation.
To configure the login options:
- Select Admin > Settings > Users to open the Users Settings page.
- Under Single Sign-On expand SAML options:
  - To allow users to log in with their email address and password, select Allow password login.
  - To allow users to SSO with an existing Google or Microsoft account, select Allow OpenID Connect.
- Click Apply changes.
Depending on the options you have enabled, the SSO OIDC providers and/or the email address and password options are displayed on the Trelica login page when the new user follows the link to accept their invitation.
On subsequent login attempts, only the option that the user has set up is displayed. Users can enable alternative login options from their profile page (subject to what is enabled). Users can access their profile from the profile icon in the top right-hand corner of any page in Trelica.
Invite users
You can invite anyone listed in the People directory to log in to Trelica. If you have set up an integration with your identity provider (such as Okta or Google Workspace), everyone in your organization should already be listed in the People directory. If you want to give someone from outside your organization access to Trelica (such as an external auditor), add them to the People directory manually first. This is also useful if you want to create an account for testing.
To add a user manually:
- Open the People directory. The Trelica access column indicates whether or not a person already has a Trelica account.
- For each individual that you want to invite, click the menu icon and select Invite to Trelica.
- Select the Trelica user role(s) that you want to give to the user. A summary of the permissions that will be granted to the user is displayed. For more information, see User roles.
  - If you are inviting someone that has been added to the Owner or IT admin role (or a custom app role) for a managed app, the user is granted the App management role by default. You do not need to select an additional role unless you want to grant the user permissions to other parts of Trelica.
  - If you only want to give someone access to the App Hub, do not select a role. If the App Hub is enabled, then everyone with access to Trelica is granted the App Hub role by default.
- Click Invite. An email is sent to the user, inviting them to complete the registration process. If you have enabled SSO with OpenID Connect, users will be prompted to log in via your identity provider. Otherwise, users will be asked to create a password in order to log in.
Remove users
When a user leaves your organization or changes responsibilities, you may want to revoke their access to Trelica. If users are only able to log in via SSO (either SAML-based or OpenID Connect), then removing the user's account from the provider will prevent them from logging in to Trelica. You can also revoke their access to Trelica as part of your offboarding process.
To revoke a user's access to Trelica, go to their record in the People directory and from the menu select Edit Trelica access. Alternatively, open the person's details and click Edit access.
- Disable the person's access if you want to be able to restore their access in future. Disabled users are still listed as having access to Trelica.
- Delete the person's access if you want to remove them as a user from Trelica. This is useful for removing test accounts.
If the user has left your organization, you may want to set an end date in their person record. We do not recommend removing person records, as this will impact historic app usage data.