Managing Trelica users
Admin users can add other users to Trelica so that they can log in and view app data. When you add a user to Trelica you specify their permissions in order to control the data they can see and the actions they can perform in the system.
Trelica has the concepts of both people and users:
- People are the individuals in your organization who use apps. If you have set up an integration to your identity provider (such as Microsoft Azure AD, Google Workspace or Okta), a record is created in Trelica for each person in your organization. When a person logs in to an app and that data is sent to Trelica, the app usage is associated with their person record (and with the app in question). If someone from outside your organization (such as a former employee or an external contractor who has been granted access to a particular app) uses these apps, a person record is created for them and their usage is also recorded in Trelica.
- Users are the individuals from your organization that log in to Trelica in order to view data, manage apps and perform tasks. The role you assign to each user determines what data they can see and what changes they can make in Trelica. Each user has a corresponding record in the People view, so that you can see the apps that they are using.
In addition to admin users, you may want to add users to Trelica so that they can:
- Update and complete tasks that have been assigned to them.
You can add users to Trelica in several ways:
- By allowing anyone from your organization to log in via your identity provider (IdP). This is useful if you want everyone in your organization to be able to auto-enrol in Trelica. This option requires SAML-based single sign-on (SSO) to be enabled and cannot be used in conjunction with user requests. For more information, see Configuring SAML single sign-on.
- By allowing anyone from your organization to request access. This is useful if you want to control who can access Trelica, as requests must be manually reviewed. This option cannot be used in conjunction with SAML-based single sign-on. For more information, see Configuring user requests.
- By adding users manually. This method allows you to invite users to Trelica with an email notification and can be used in conjunction with either SAML-based SSO or user access requests. This is useful if you want to add someone from outside your organization to Trelica (someone who has therefore not been added to your identity provider and does not have an email address from your domain). For more information, see Adding users manually.
- By assigning an app, task or assessment to an individual. If the assignee is not already a Trelica user, an account is created for them when they click the link in the email notification to access the relevant resource.
You can configure whether users can log in to Trelica with an email address and password, via SSO with OpenID Connect, or via SAML-based SSO. These options are discussed in more detail in the following sections.