Links
Comment on page

Enterprise Admin

Enterprise Admin Quick Start Guide
This Enterprise Admin Quick Start Guide covers the steps to:
  • Part 1: Enable Team Access to PixieBrix
  • Part 2: Provision PixieBrix at scale

Part 1: Enable Team Access to PixieBrix

Step 1: Sign up for PixieBrix

  1. 2.
    On the login screen, authenticate with your preferred provider
    • Google
    • Microsoft (including Azure Active Directory)
    • Email — sends a login link to your email

Troubleshooting

Step 2: Create/Configure a Team

  1. 1.
    Open the Admin Console: https://app.pixiebrix.com
  2. 2.
    In the Admin Console, click Create Team and provide a team name
  3. 3.
    Invite your team members. See Roles for role-based permissions
  4. 4.
    Select Settings in the left side nav
  5. 5.
    Configure the Team scope and default role:
    • Team scope: a unique account alias to namespace your team’s mods and bricks. The scope cannot be changed once your team has created a mod
    • Default role: the default role for users automatically provisioned to your team
Admin Console > Settings > General Team Settings

Step 3: Ensure Team Member Access/Authentication

Ensure your team members can access PixieBrix using your preferred authentication method:
  • Google/Microsoft (OpenID)
  • Account Login Emails (aka Magic Links)
  • SAML/SSO
If running a pilot/POC, we recommend starting with Google, Microsoft, or Email login to get your team up and running quickly.

Step 3a: Allowlist PixieBrix for Google or Microsoft OpenID Authentication

Allowlisting Login with Google/Microsoft required Admin Access to your Microsoft Azure and/or Google Workspace account
Allowlisting PixieBrix emails requires Admin Access to your Email Provider
Follow the instructions to ensure the deliverability of system emails: Network/Email Firewall Configuration
  1. 1.
    Allowlist the PixieBrix system email IP addresses
  2. 2.
    Allowlist the PixieBrix email domain

Step 3c: Configure SAML/SSO

Configuring SAML/SSO requires Admin Access to your Identity Provider (IdP)
  1. 1.
    Follow the steps at: Setting Up SAML/SSO

Step 4: Allowlist Outgoing Browser Extension Traffic to PixieBrix in the Network Firewall

Allowlisting traffic requires Admin Access to your Network Firewall
  1. 1.
    Allowlist the required URLs: Network/Email Firewall Configuration

Step 5: Allowlist the PixieBrix Chrome Browser Extension

This step requires Admin Access to your Enterprise Device Management policies
  1. 1.
    Allowlist the PixieBrix Chrome Browser Extension: mpjjildhmpddojocokjkgmlkkkfjnepo. See Browser Extension Installation Policy

Part 2: Provision PixieBrix at Scale

This step requires Admin Access to your Enterprise Device Management policies

Step 6: Set up Automatic User Provisioning for your Domain

  1. 1.
    Email [email protected] to enable automatic user provisioning for your email domain(s)

Step 7: Force-install the PixieBrix Browser Extension

  1. 1.
    Force-install the browser extension
  2. 2.
    Configure the Browser Extension Policy

Step 8: Create a Group for Group-Based Access Control

Follow the steps in the Groups documentation
  1. 1.
    Visit the Admin Console
  2. 2.
    Click the Groups menu item in the left side nav
  3. 3.
    Create a Group
  4. 4.
    Add group members in one of the following ways:
    • Upload a CSV in the Admin Console
    • Use the Developer API to update group membership regularly, or
    • Contact [email protected] to set up automatic group enrollment by email domain

Step 9: Enable SAML/SSO

Configuring SAML/SSO requires Admin Access to your Identity Provider (IdP)
  1. 1.
    Follow the steps at: Setting Up SAML/SSO