Enterprise Admin

Enterprise Admin Quick Start Guide

PreviousTeam Member NextActivating Mods

Last updated 7 months ago

Was this helpful?

Enterprise Admin

Enterprise Admin Quick Start Guide

This Enterprise Admin Quick Start Guide covers the steps to:

Part 1: Enable Team Access to PixieBrix
Part 2: Provision PixieBrix at scale

Part 1: Enable Team Access to PixieBrix

Visit:
On the login screen, authenticate with your preferred provider
- Google
- Microsoft (including Azure Active Directory)
- Email — sends a login link to your email

Troubleshooting

Step 2: Create/Configure a Team

In the Admin Console, click Create Team and provide a team name
Invite your team members. See Roles for role-based permissions
Select Settings in the left side nav
Configure the Team scope and default role:
- Team scope: a unique account alias to namespace your team’s mods and bricks. The scope cannot be changed once your team has created a mod
- Default role: the default role for users automatically provisioned to your team

Step 3: Ensure Team Member Access/Authentication

Ensure your team members can access PixieBrix using your preferred authentication method:

Google/Microsoft (OpenID)
Account Login Emails (aka Magic Links)
SAML/SSO

If running a pilot/POC, we recommend starting with Google, Microsoft, or Email login to get your team up and running quickly.

Step 3a: Allowlist PixieBrix for Google or Microsoft OpenID Authentication

Allowlisting Login with Google/Microsoft required Admin Access to your Microsoft Azure and/or Google Workspace account

Allowlisting PixieBrix emails requires Admin Access to your Email Provider

Follow the instructions to ensure the deliverability of system emails: Network/Email Firewall Configuration

Allowlist the PixieBrix system email IP addresses
Allowlist the PixieBrix email domain

Step 3c: Configure SAML/SSO

Configuring SAML/SSO requires Admin Access to your Identity Provider (IdP)

Follow the steps at: Setting Up SAML/SSO

Step 4: Allowlist Outgoing Browser Extension Traffic to PixieBrix in the Network Firewall

Allowlisting traffic requires Admin Access to your Network Firewall

Allowlist the required URLs: Network/Email Firewall Configuration

Step 5: Allowlist the PixieBrix Chrome Browser Extension

This step requires Admin Access to your Enterprise Device Management policies

Allowlist the PixieBrix Chrome Browser Extension: mpjjildhmpddojocokjkgmlkkkfjnepo. See Browser Extension Installation Policy

Part 2: Provision PixieBrix at Scale

This step requires Admin Access to your Enterprise Device Management policies

Step 6: Set up Automatic User Provisioning for your Domain

Step 7: Force-install the PixieBrix Browser Extension

Follow the instructions at: Browser Extension Installation and Configuration

Force-install the browser extension
Configure the Browser Extension Policy

Step 8: Create a Group for Group-Based Access Control

Follow the steps in the Groups documentation

Click the Groups menu item in the left side nav
Create a Group
Add group members in one of the following ways:
- Upload a CSV in the Admin Console
- Use the Developer API to update group membership regularly, or

Step 9: Enable SAML/SSO

Configuring SAML/SSO requires Admin Access to your Identity Provider (IdP)

Follow the steps at: Setting Up SAML/SSO

PreviousTeam Member NextActivating Mods

Last updated 7 months ago

Was this helpful?

This Enterprise Admin Quick Start Guide covers the steps to:

Part 1: Enable Team Access to PixieBrix
Part 2: Provision PixieBrix at scale

Part 1: Enable Team Access to PixieBrix

Visit:
On the login screen, authenticate with your preferred provider
- Google
- Microsoft (including Azure Active Directory)
- Email — sends a login link to your email

Troubleshooting

Step 2: Create/Configure a Team

Open the Admin Console:
In the Admin Console, click Create Team and provide a team name
Invite your team members. See Roles for role-based permissions
Select Settings in the left side nav
Configure the Team scope and default role:
- Team scope: a unique account alias to namespace your team’s mods and bricks. The scope cannot be changed once your team has created a mod
- Default role: the default role for users automatically provisioned to your team

Step 3: Ensure Team Member Access/Authentication

Ensure your team members can access PixieBrix using your preferred authentication method:

Google/Microsoft (OpenID)
Account Login Emails (aka Magic Links)
SAML/SSO

If running a pilot/POC, we recommend starting with Google, Microsoft, or Email login to get your team up and running quickly.

Step 3a: Allowlist PixieBrix for Google or Microsoft OpenID Authentication

Allowlisting Login with Google/Microsoft required Admin Access to your Microsoft Azure and/or Google Workspace account

Allowlisting PixieBrix emails requires Admin Access to your Email Provider

Follow the instructions to ensure the deliverability of system emails: Network/Email Firewall Configuration

Allowlist the PixieBrix system email IP addresses
Allowlist the PixieBrix email domain

Step 3c: Configure SAML/SSO

Configuring SAML/SSO requires Admin Access to your Identity Provider (IdP)

Follow the steps at: Setting Up SAML/SSO

Step 4: Allowlist Outgoing Browser Extension Traffic to PixieBrix in the Network Firewall

Allowlisting traffic requires Admin Access to your Network Firewall

Allowlist the required URLs: Network/Email Firewall Configuration

Step 5: Allowlist the PixieBrix Chrome Browser Extension

This step requires Admin Access to your Enterprise Device Management policies

Allowlist the PixieBrix Chrome Browser Extension: mpjjildhmpddojocokjkgmlkkkfjnepo. See Browser Extension Installation Policy

Part 2: Provision PixieBrix at Scale

This step requires Admin Access to your Enterprise Device Management policies

Step 6: Set up Automatic User Provisioning for your Domain

Email to enable automatic user provisioning for your email domain(s)

Step 7: Force-install the PixieBrix Browser Extension

Follow the instructions at: Browser Extension Installation and Configuration

Force-install the browser extension
Configure the Browser Extension Policy

Step 8: Create a Group for Group-Based Access Control

Follow the steps in the Groups documentation

Visit the
Click the Groups menu item in the left side nav
Create a Group
Add group members in one of the following ways:
- Upload a CSV in the Admin Console
- Use the Developer API to update group membership regularly, or
- Contact to set up automatic group enrollment by email domain

Step 9: Enable SAML/SSO

Configuring SAML/SSO requires Admin Access to your Identity Provider (IdP)

Follow the steps at: Setting Up SAML/SSO

Part 1: Enable Team Access to PixieBrix

Step 1: Sign up for PixieBrix

Troubleshooting

Step 2: Create/Configure a Team

Step 3: Ensure Team Member Access/Authentication

Step 3a: Allowlist PixieBrix for Google or Microsoft OpenID Authentication

Step 3b: Allowlist PixieBrix account login emails (aka Magic Links)

Step 3c: Configure SAML/SSO

Step 4: Allowlist Outgoing Browser Extension Traffic to PixieBrix in the Network Firewall

Step 5: Allowlist the PixieBrix Chrome Browser Extension

Part 2: Provision PixieBrix at Scale

Step 6: Set up Automatic User Provisioning for your Domain

Step 7: Force-install the PixieBrix Browser Extension

Step 8: Create a Group for Group-Based Access Control

Step 9: Enable SAML/SSO

Part 1: Enable Team Access to PixieBrix

Step 1: Sign up for PixieBrix

Troubleshooting

Step 2: Create/Configure a Team

Step 3: Ensure Team Member Access/Authentication

Step 3a: Allowlist PixieBrix for Google or Microsoft OpenID Authentication

Step 3b: Allowlist PixieBrix account login emails (aka Magic Links)

Step 3c: Configure SAML/SSO

Step 4: Allowlist Outgoing Browser Extension Traffic to PixieBrix in the Network Firewall

Step 5: Allowlist the PixieBrix Chrome Browser Extension

Part 2: Provision PixieBrix at Scale

Step 6: Set up Automatic User Provisioning for your Domain

Step 7: Force-install the PixieBrix Browser Extension

Step 8: Create a Group for Group-Based Access Control

Step 9: Enable SAML/SSO