Enterprise Admin

This Enterprise Admin Quick Start Guide covers the steps to:

• Part 1: Enable Team Access to PixieBrix

• Part 2: Provision PixieBrix at scale

Part 1: Enable Team Access to PixieBrix

Step 1: Sign up for PixieBrix

1. Visit: https://app.pixiebrix.com/

2. On the login screen, authenticate with your preferred provider

   • Google

   • Microsoft (including Azure Active Directory)

   • Email — sends a login link to your email

Troubleshooting

• Enabling Login with Microsoft

• Troubleshooting Google Integration Errors

• Network/Email Firewall Configuration

Step 2: Create/Configure a Team

1. Open the Admin Console: https://app.pixiebrix.com

2. In the Admin Console, click Create Team and provide a team name

3. Invite your team members. See Roles for role-based permissions

4. Select Settings in the left side nav

5. Configure the Team scope and default role:

   • Team scope: a unique account alias to namespace your team’s mods and bricks. The scope cannot be changed once your team has created a mod

   • Default role: the default role for users automatically provisioned to your team

Step 3: Ensure Team Member Access/Authentication

Ensure your team members can access PixieBrix using your preferred authentication method:

• Google/Microsoft (OpenID)

• Account Login Emails (aka Magic Links)

• SAML/SSO

If running a pilot/POC, we recommend starting with Google, Microsoft, or Email login to get your team up and running quickly.

Step 3a: Allowlist PixieBrix for Google or Microsoft OpenID Authentication

• Login with Google: Control which third-party & internal apps access Google Workspace data

• Login with Microsoft: Enabling Login with Microsoft

Step 3b: Allowlist PixieBrix account login emails (aka Magic Links)

Follow the instructions to ensure the deliverability of system emails: Network/Email Firewall Configuration

1. Allowlist the PixieBrix system email IP addresses

2. Allowlist the PixieBrix email domain

Step 3c: Configure SAML/SSO

1. Follow the steps at: Setting Up SAML/SSO

Step 4: Allowlist Outgoing Browser Extension Traffic to PixieBrix in the Network Firewall

1. Allowlist the required URLs: Network/Email Firewall Configuration

Step 5: Allowlist the PixieBrix Chrome Browser Extension

1. Allowlist the PixieBrix Chrome Browser Extension: mpjjildhmpddojocokjkgmlkkkfjnepo. See Browser Extension Installation Policy

Part 2: Provision PixieBrix at Scale

Step 6: Set up Automatic User Provisioning for your Domain

1. Email [email protected] to enable automatic user provisioning for your email domain(s)

Step 7: Force-install the PixieBrix Browser Extension

Follow the instructions at: Browser Extension Installation and Configuration

1. Force-install the browser extension

2. Configure the Browser Extension Policy

Step 8: Create a Group for Group-Based Access Control

Follow the steps in the Groups documentation

1. Visit the Admin Console

2. Click the Groups menu item in the left side nav

3. Create a Group

4. Add group members in one of the following ways:

   • Upload a CSV in the Admin Console

   • Use the Developer API to update group membership regularly, or

   • Contact [email protected] to set up automatic group enrollment by email domain

Step 9: Enable SAML/SSO

1. Follow the steps at: Setting Up SAML/SSO