Automatic Permissions for your SaaS Resources - How it Works
Author: Martin Capeletto
Have you ever dreamed about not having to deal anymore with providing permissions for your Team in your Small Business?
As a Small Business Owner is normal to be taken care of those small but tedious tasks daily.
When someone new joins your Company, you have to create an account for them in gSuite, Slack, Jira, GitHub, etc. After that, you need to start adding that new user to different Drives in gSuite, adding him to some Slack Channels, giving him the proper access to your GitHub Repositories, and this goes on and on.
Things get even more complicated as you start moving people around in your Teams. Let say User A now has to go to another team. Now you need to remove all accesses from his old team and add him to this new team's resources.
This approach doesn't scale and takes a lot of time. What we found that usually happens is that most new users never get access to everything they need. And when moving members inside the Company, they never get those old accesses removed. The problems on this are critical on a security and compliance level, but this also creates big problems for your Organization because People usually don't know all the available resources. They have to ask other people where the GitHub repository is located, what Jira Board are we using for this Project, etc.
In MyLenio, we decided there has to be a better way of dealing with this problem, and that's why we developed "Automatic Permissions for Teams."
First, you can model all of your Teams in MyLenio. Creating a Team is easy, just set a Name, decide what Roles are going to be part of it, assign Users to Roles, and then assign your SaaS Resources to this team. Finally, configure what permissions each role has in each Application, and MyLenio will take care of everything for you then.
Now let's go into more details about exactly how this works with an example.
We will create the team: "NASA - Mars Orbit," in this project, we will have 3 Roles: Account Manager, Project Leader, and Developer. And we have 4 members of this team, as you can see on the next screen.
You can configure your own Roles to match your Company structure, and you can assign as many members as you need to different roles. Also, each user can be in multiples teams in the organization.
Now let say that this "Nasa - Mars Orbit" team will need a Google Shared drive to store all confidential information, a Jira Board to track all the team's assignments, and a GitHub repository to store the code. Finally, 2 different Slack Channels (one for the Account Manager and Project Leaders) and the other one with the whole team.
This simple Team already has 4 members, with 5 SaaS Resources. If you have to manually maintain and give all these accesses, you're looking at a lot of wasted time, and when you start growing, you might end up with 20-50-100 teams with 100+ persons in your Company. Things get out of control easily.
The next step is to configure what access level these Roles will have in each Application. For Example, Account Manager and Project Leaders will be Manager in gSuite, they will have Admin rights in GitHub and will be Administrators in Jira. On the other side, developers will only have write access in GitHub, be Contributors in gSuite, and be members of the Jira Board. And for slack, everyone will be on one channel while only Account Managers and Project Leaders will be on the other for internal communication.
Mapping all this in MyLenio takes less than 2 minutes. You can even create any resource in those SaaS Applications without leaving this form. MyLenio will create those using their API, so you don't have to waste time creating all this.
So after you configured for each of the SaaS resources, the access levels those roles will have, you can Publish your Team. What happens here is magic. MyLenio goes over each of your resources and starts providing everyone with the proper permissions. After a few minutes, everyone in that team will have access to everything they need. There is no need to go anywhere else; remember to configure anything else or have multiple people messing with your permissions. Simple and Clean.
To continue with our example, now let's say someone will leave that team, and you're going to replace that person with another employee. This happens all the time as the organizations keep changing shape or as people join or leave your Company. MyLenio comes to the rescue again.
Now that you already have the "NASA - Mars Orbit" team in the system, when someone leaves that team, the only thing you have to do is removing him from the team members section. After that, MyLenio will remove all the accesses they had for being part of that team.
Someone joining an existing team? Just go to that team, select the new person, and assign it to one of the existing roles in MyLenio. That's all, and there's no need to do anything on each of the SaaS resources because MyLenio will take care of providing everything he needs to start working on his new team.
Not only that but when you add someone to a Team, they will receive a notification (using email or Slack if connected) that they are part of a new team with a link to check it. This team onboarding screen will show them who are his teammates, will show all of the SaaS Resources available to him with links (between other things you can do in teams).
This information will always be available for them to check at any time. What this does is giving them all the information they need for being part of this team. No more people asking where the GitHub Repository is or what was the link to Jira. Removing all those questions from your day to day will help people focus on what's more important and leave the heavy lifting for MyLenio.
MyLenio currently supports gSuite Google Drives, Microsoft Office 365 OneDrive, Jira, Bitbucket, GitHub, GitLab, Trello, Slack, etc. are constantly adding more options.