Add and manage users
In addition to inviting users via email or SSO Just-In-Time (JIT) provisioning, you can now automatically provision users via SCIM if your workspace has SCIM enabled. When SCIM is configured, users added in your Identity Provider (IdP) will be automatically created in your GitGuardian workspace.
Learn more and see setup instructions in the SCIM documentation.
Adding new users
Inviting via email
As a workspace Owner or Manager, you can invite via email other users to join your GitGuardian workspace.
- Navigate to Settings > User management > Members
- Simply submit the email address of the person you want to invite. If you are under a Business plan, you will be able to specify the teams of your new invitee.
- The invited user will receive and email with an invitation link. If you have performed an SSO integration, the invitation link will redirect to your dedicated SSO login URL.
There is no limit to the number of users on your workspace.
Pointing to SSO login URL
If you have configured SSO, you can simply let the Just-In-Time provisioning do the work.
- Make sure the people you want to add to your GitGuardian workspace are part of the allowed IdP group
- Point those people to the SSO login URL dedicated to your workspace. This URL is accessible by workspace Manager in the Authentication settings section.
Manage pending invitations
Once invited, the new user appears in the "Pending" list in the Members section of your workspace. There, you can choose the access level they will be attributed upon sign up.
You can delete a pending invitation, which invalidates the sent invitation link.
Access levels
Each user has its own user account and can be member of one or multiple workspaces. Thus, user membership is handled at the workspace level. Each member is assigned a access level that defines its privileges on the workspace at stake.
Action | Owner | Manager | Member | Restricted |
---|---|---|---|---|
Can access incidents and act on them according to their incident permissions (share, assign, resolve, ignore, export) | ✅ | ✅ | ✅ | ✅, only to incidents they are given access to |
Can create/delete API personal access tokens | ✅ | ✅ | ✅ | ✅, only with scan scope |
Can create/delete API service accounts (Business only) | ✅ | ✅ | ❌ | ❌ |
Can launch historical scans | ✅ | ✅ | ✅, based on team perimeter assignments | ❌ |
Can add/remove/change members | ✅ | ✅ | ❌ | ❌ |
Can join/leave/request access to teams | ✅ | ✅ | ✅ |