Enterprise Admin

Enterprise Admin Quick Start Guide

This Enterprise Admin Quick Start Guide covers the steps to:

  • Part 1: Enable Team Access to PixieBrix

  • Part 2: Provision PixieBrix at scale

Part 1: Enable Team Access to PixieBrix

Step 1: Sign up for PixieBrix

  1. On the login screen, authenticate with your preferred provider

    • Google

    • Microsoft (including Azure Active Directory)

    • Email β€” sends a login link to your email

Troubleshooting

Step 2: Create/Configure a Team

  1. Open the Admin Console: https://app.pixiebrix.com

  2. In the Admin Console, click Create Team and provide a team name

  3. Invite your team members. See Roles for role-based permissions

  4. Select Settings in the left side nav

  5. Configure the Team scope and default role:

    • Team scope: a unique account alias to namespace your team’s mods and bricks. The scope cannot be changed once your team has created a mod

    • Default role: the default role for users automatically provisioned to your team

Step 3: Ensure Team Member Access/Authentication

Ensure your team members can access PixieBrix using your preferred authentication method:

  • Google/Microsoft (OpenID)

  • Account Login Emails (aka Magic Links)

  • SAML/SSO

If running a pilot/POC, we recommend starting with Google, Microsoft, or Email login to get your team up and running quickly.

Step 3a: Allowlist PixieBrix for Google or Microsoft OpenID Authentication

Allowlisting Login with Google/Microsoft required Admin Access to your Microsoft Azure and/or Google Workspace account

Allowlisting PixieBrix emails requires Admin Access to your Email Provider

Follow the instructions to ensure the deliverability of system emails: Network/Email Firewall Configuration

  1. Allowlist the PixieBrix system email IP addresses

  2. Allowlist the PixieBrix email domain

Step 3c: Configure SAML/SSO

Configuring SAML/SSO requires Admin Access to your Identity Provider (IdP)

  1. Follow the steps at: Setting Up SAML/SSO

Step 4: Allowlist Outgoing Browser Extension Traffic to PixieBrix in the Network Firewall

Allowlisting traffic requires Admin Access to your Network Firewall

  1. Allowlist the required URLs: Network/Email Firewall Configuration

Step 5: Allowlist the PixieBrix Chrome Browser Extension

This step requires Admin Access to your Enterprise Device Management policies

  1. Allowlist the PixieBrix Chrome Browser Extension: mpjjildhmpddojocokjkgmlkkkfjnepo. See Browser Extension Installation Policy

Part 2: Provision PixieBrix at Scale

This step requires Admin Access to your Enterprise Device Management policies

Step 6: Set up Automatic User Provisioning for your Domain

  1. Email [email protected] to enable automatic user provisioning for your email domain(s)

Step 7: Force-install the PixieBrix Browser Extension

Follow the instructions at: Browser Extension Installation and Configuration

  1. Force-install the browser extension

  2. Configure the Browser Extension Policy

Step 8: Create a Group for Group-Based Access Control

Follow the steps in the Groups documentation

  1. Visit the Admin Console

  2. Click the Groups menu item in the left side nav

  3. Create a Group

  4. Add group members in one of the following ways:

    • Upload a CSV in the Admin Console

    • Use the Developer API to update group membership regularly, or

    • Contact [email protected] to set up automatic group enrollment by email domain

Step 9: Enable SAML/SSO

Configuring SAML/SSO requires Admin Access to your Identity Provider (IdP)

  1. Follow the steps at: Setting Up SAML/SSO

Last updated