Enterprise Admin
Enterprise Admin Quick Start Guide
This Enterprise Admin Quick Start Guide covers the steps to:
Part 1: Enable Team Access to PixieBrix
Part 2: Provision PixieBrix at scale
Part 1: Enable Team Access to PixieBrix
Step 1: Sign up for PixieBrix
Visit: https://app.pixiebrix.com/
On the login screen, authenticate with your preferred provider
Google
Microsoft (including Azure Active Directory)
Email — sends a login link to your email
Troubleshooting
Step 2: Create/Configure a Team
Open the Admin Console: https://app.pixiebrix.com
In the Admin Console, click Create Team and provide a team name
Invite your team members. See Roles for role-based permissions
Select Settings in the left side nav
Configure the Team scope and default role:
Team scope: a unique account alias to namespace your team’s mods and bricks. The scope cannot be changed once your team has created a mod
Default role: the default role for users automatically provisioned to your team
Step 3: Ensure Team Member Access/Authentication
Ensure your team members can access PixieBrix using your preferred authentication method:
Google/Microsoft (OpenID)
Account Login Emails (aka Magic Links)
SAML/SSO
If running a pilot/POC, we recommend starting with Google, Microsoft, or Email login to get your team up and running quickly.
Step 3a: Allowlist PixieBrix for Google or Microsoft OpenID Authentication
Allowlisting Login with Google/Microsoft required Admin Access to your Microsoft Azure and/or Google Workspace account
Login with Google: Control which third-party & internal apps access Google Workspace data
Login with Microsoft: Enabling Login with Microsoft
Step 3b: Allowlist PixieBrix account login emails (aka Magic Links)
Allowlisting PixieBrix emails requires Admin Access to your Email Provider
Follow the instructions to ensure the deliverability of system emails: Network/Email Firewall Configuration
Allowlist the PixieBrix system email IP addresses
Allowlist the PixieBrix email domain
Step 3c: Configure SAML/SSO
Configuring SAML/SSO requires Admin Access to your Identity Provider (IdP)
Follow the steps at: Setting Up SAML/SSO
Step 4: Allowlist Outgoing Browser Extension Traffic to PixieBrix in the Network Firewall
Allowlisting traffic requires Admin Access to your Network Firewall
Allowlist the required URLs: Network/Email Firewall Configuration
Step 5: Allowlist the PixieBrix Chrome Browser Extension
This step requires Admin Access to your Enterprise Device Management policies
Allowlist the PixieBrix Chrome Browser Extension:
mpjjildhmpddojocokjkgmlkkkfjnepo. See Browser Extension Installation Policy
Part 2: Provision PixieBrix at Scale
This step requires Admin Access to your Enterprise Device Management policies
Step 6: Set up Automatic User Provisioning for your Domain
Email [email protected] to enable automatic user provisioning for your email domain(s)
Step 7: Force-install the PixieBrix Browser Extension
Follow the instructions at: Browser Extension Installation and Configuration
Force-install the browser extension
Configure the Browser Extension Policy
Step 8: Create a Group for Group-Based Access Control
Follow the steps in the Groups documentation
Visit the Admin Console
Click the Groups menu item in the left side nav
Create a Group
Add group members in one of the following ways:
Upload a CSV in the Admin Console
Use the Developer API to update group membership regularly, or
Contact [email protected] to set up automatic group enrollment by email domain
Step 9: Enable SAML/SSO
Configuring SAML/SSO requires Admin Access to your Identity Provider (IdP)
Follow the steps at: Setting Up SAML/SSO
Last updated
Was this helpful?
