This article explains how to give cross-account access to your IT Glue account, so that you can share information in your account with users of another IT Glue account (a "delegate account").
With GlueConnect, you don't have to set up individual users from the delegate account in your account. In addition, users of the delegate account don't have to sign out of their account and sign in to yours in order to access the shared information.
There are a number of ways you can use this feature. For example, imagine you hire a third-party NOC to support your clients outside of business hours. If the third-party also uses IT Glue, you can invite them to your account. You don't have to create or manage individual accounts. Users in the delegate account have permission to work in your account and access information there.
To configure access, there are three basic steps:
Step 1 - Choose a maximum role
The maximum role is an upper limit. Each user in the delegate account will have an effective role that may be different than the maximum role you choose, but not higher than the maximum role.
For example, let's say you set the maximum role to Editor:
|If in the primary account the user has a...||Then their effective role is...|
|Manager or Administrator role||Editor|
Note that Lite users in the delegate account can't access your account. Also, users of the delegate account can't add or modify any security permissions like they can in their primary account.
Step 2 - Grant access
At this point, the delegate account doesn't have access to any information in your account. You will need to grant access by assigning group memberships and adding specific organizations like you would for any user of your account. If you assign all groups and add all organizations, anything that your team can see in your IT Glue account, the users in the delegate account can as well.
You do not need to have any groups created specifically for GlueConnect, but you may want to review your security design. For example, do you want the delegate account to have access to everything your senior tech team can access or do you want them to only have access to what a level 1 tech can access? Are your groups configured for this?
Step 3 - Send invitation email
After you specify a maximum role and grant access, the last step is to send an invitation to the users of the delegate account. We send an invitation email to all users with an Administrator role. Users can access your account only after one of these Administrators accepts the invitation.
- You must be an Administrator to complete the following steps.
- Click Account from the top navigation bar.
- Click GlueConnect from the sidebar.
- Click the + New button in the top-right corner.
- On the next screen, click an option to invite one of the existing third-party provider accounts shown (Inbay and Global Mentoring Solutions) or a different account.
- Enter the subdomain of the delegate account. For example, if the URL is insight-tech.itglue.com, insight-tech is the subdomain. Note: If you invite a Certified Provider, the subdomain is entered automatically.
- Choose a maximum role.
- On the next screen, select the relevant groups and add any organizations that you want all users to have access to. Organization names populated by a group are grayed out because the permissions are inherited.
Important. Each user must have access to at least one organization. Select the Allow All Organizations checkbox if you want to give the delegate account access to all current and future organizations.
- On the last screen, enter a message to the Administrators to include in the invitation email.
- Click Send.
After you send the invitation, it is pending until an Administrator of the delegate account clicks the link in the invitation email. After accepting the invitation, users of the delegate account will have immediate access.
Switching between accounts
From the viewpoint of the delegate account's users:
Sign in with the same URL, email address, and password that you use to access your primary IT Glue account.
To access another account, click your user icon in the upper right-hand side of the screen. Then, in the GlueConnect section of the user name drop-down menu, choose the account you want to access:
In the top navigation bar, you will see a GlueConnect header. When you GlueConnect into another account, the GlueConnect header will change color and the name of the account is displayed:
You can return to your own account at any time by clicking the GlueConnect header.
Will the delegate account be billed as an "active" user?
No, when you use GlueConnect, the delegate account does not count as a user and is not billed. Users of the delegate account also won't count against the number of users you are allowed to have in your pricing plan.
Can I see what the users of the delegate account are doing in my account?
Everything that happens within your IT Glue account is tracked in the activity logs. To view them, go to Account > Activity Logs and you'll be shown a list of all action events (create, read, update, delete). You can filter by the action, the account, and the user. Note: The Account column is only displayed after you start giving delete accounts access to your account.
Can I turn on enforced multi-factor authentication (MFA) on my account?
Yes, but the users of the delegate account will not be prompted to use MFA. They will still have direct access to your account after they authenticate in their primary account. You can't enforce MFA for accounts you let in through GlueConnect but, for added security, you can request that they enforce it on their end.