Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
To provide your end users with access, you need to provision them by creating both a user account and an organization. Although the admin UI lets you create new users and organizations, API is the best method to provision new users because it lets you automate the process and also lets you define the license of new organizations. You can use these API endpoints in scenarios to provision new users. For instance, the contracting event in a CRM app can trigger your scenario to create an organization and user on your instance.
The following are the main tasks required for provisioning new users:
Create the user if they do not already exist on your instance. Create the user first so you can later assign them to organizations and teams with appropriate roles. The best practice is to create the user and send an invitation without defining their password.
Create an organization for the customer. You need to define the license of each new organization on your instance. The license includes many parameters that allow you to control access to features and limit usage. If not otherwise defined, all new organizations inherit your instance's default license.
You can automate the above tasks via Make scenarios you create to suit your specific needs. Remember that you can integrate provisioning tasks with your customer onboarding.
Although you can add users and create organizations in the Administration interface, using API lets you automate your provisioning. You can create Make scenarios using the and to perform these tasks. The above API endpoints let you perform all necessary provisioning tasks for new users.
After provisioning new end users, you can do the following:
Perform maintenance tasks, such as resetting passwords. Use the administrative API endpoints for these tasks.
Enable special options designed for app developers on your instance. These options allow users to create, test, and publish custom apps.
Make White Label administrators rely on the following principles to manage end users:
A customer is an organization - Make's organizations provide a structure that lets you grant only the access that you want to share with each end customer. Assigning each end customer to an organization lets you use the following to customize access:
License parameter - each organization has an independent license that contains definable parameters. The license parameters let you assign a custom set of limits, features, and access for each end customer.
Permission roles - every user has defined roles for the instance, organization, and team level. Making each end customer the owner of an organization lets you use their license parameter and role to control their access to your platform's resources and data. Assigning end customers to organizations also isolates your end customers from each other.
Every organization has only one owner - although an organization can have multiple administrators, only one user can be the owner. Again, the standard practice is to designate the owner of the account as the organization owner. This arrangement gives your customer the most authority over their own organization and allows them to invite users to their organization and assign organization roles to their organization members.
Any user can belong to multiple organizations - end users do not need to own an organization to have access to it. If you allow it in their license, end customers can invite new end users to their organization. For example, in a B2B SaaS use case, a company is your customer. They may have several organizations and multiple users on your instance to automate and collaborate.
The following tasks represent the customer/user life cycle. Use the links to access more detailed information:
- You need to add every new user to the platform and create an organization for them. Although the SSO options let you do this automatically, creating your own automation and using admin API endpoints is a better method. The admin API endpoints provide more possibilities including defining the license to limit the new customer's access. The admin API also lets you assign roles to further define the new customer's access to your platform.
- Administrative tasks such as resetting passwords and enabling features for your internal app developers.
of customers.
When you need to deprovision a customer from your instance, using Make API allows you to automate the process and offers more functionality than the Administration interface. The recommended procedure is to set all consumables to 0 and give the customer limited access to the organization. This way preserves their scenarios and data in the event that the customer decides to subscribe again.
Use the license object to set operations and other consumables to 0 or the minimum value. This configuration freezes the organization and its scenarios while allowing former customers to have access to their data stores and other assets associated with their organization.
Transfer organization ownership to a dummy owner that you create. Reassign the end user to a role with limited access, such as member. This step limits the former customer's permission privileges while preserving their data and other assets for later use if the customer returns.
You can verify the deprovisioned user's access by using the Login as user feature on
Once you click Login as user, you immediately see that user's dashboard. You can edit the deprovisioned user's notification settings so they do not receive notification emails.
To return to Administration, you need to log out as the user and then log in with your credentials.
Every user has a distinct role that defines their access to your platform. Make White label offers three levels of access control:
Instance level - These roles define access to the administration interface as well as specific permissions. There are roles for administrative, app development, and support purposes. See the reference tables of instance-level roles for more details.
Organization level - Roles for organizations define access to:
Assets, such as scenarios and data stores associated with the organization.
Abilities, such as managing organization members.
Team level - The lowest level of access management. Roles for teams define access to:
Assets, such as scenarios and data stores associated with the team.
Abilities, such as managing team members.
You can assign roles by the or by API. Users with the SA role can .
Every organization has a license which is a collection of parameters that define access to features, such as custom variables, and limit consumables and assets, such as operations and data stores. You can use these parameters to do the following:
Offer multiple tiers of access. For example, offering your customers more operations or data stores based on their contracts.
Control resource usage on your instance. For example, limits on API calls or time between scenario runs.
auditLogsDays
Use this integer parameter to specify how many days of event history the Audit Logs will store. Currently, the maximum supported duration is 365 days.
analyticsAccess
Use this boolean parameter to define if the Analytics page is available.
operations
Use this parameter to limit the number of operations available for your customer's organization.
This limit renews according to the value of the restartPeriod parameter.
transfer
Use this parameter to limit the amount of data that the organization's scenarios can transfer.
This limit renews according to the value of the restartPeriod parameter.
interval
Use this parameter to set the shortest time in minutes between two scheduled scenario runs.
fslimit
Use this parameter to limit the file size that the organization's scenarios can process.
iolimit
Use this parameter to limit the size of webhook queues for the organization.
dslimit
Use this parameter to limit the number of data stores that the organization can have.
dsslimit
Use this parameter to limit the total storage capacity for all data stores in the organization.
(Deprecated) productManagement
This parameter has no impact on white-label instances. Use the following value in all cases:
salesforce
(Deprecated)
gracePeriod
This parameter has no impact on white-label instances. Use the following value in all cases:
7
fulltext
Use this boolean parameter to enable full-text search in the scenario history log.
Once enabled, scenario executions are indexed with full-text search capabilities moving forward. However, there is no impact on previously run executions. Only scenario executions after enabling this feature are available for searching via full text.
scenarios
Use this parameter to limit the number of active scenarios that the organization can have.
advsched
Use this boolean parameter to enable access to advanced scenario scheduling.
apiLimit
Use this parameter to limit of API requests per 1 minute per organization.
Define this parameter as 0 to disable API access.
executionTime
Use this parameter to limit the amount of time in minutes that a single scenario can run.
customVariables
Use this boolean parameter to enable custom variables in scenarios. Access applies to all users in the organization who can create and edit scenarios but only in the context of that specific organization.
Depends on the system flag feature_variables.
creatingTemplates
Use this boolean parameter to let users in the organization create scenario templates.
This parameter allows your internal developers to create custom templates to share with your customers.
installPublicApps
Use this boolean parameter to let users in the organization access custom apps created by someone outside of the organization created.
One possible use case is for your internal apps developers to collaborate across organizations.
restartPeriod
Use this parameter to define how often an organization's consumables (operations, etc.) renew. You can choose between a monthly or an annual reset cycle.
teams
Use this parameter to limit the number of teams that an organization can have.
appslimit
Use this parameter to limit the total number of connection-based apps for all of an organization's active scenarios. For example, 10 means a maximum limit of 10 connection-based apps for an organization's active scenarios.
retention
Use this parameter to define how long your instance stores logs (such as execution logs) for the organization.
Default value is 60 days if not set.
premiumApps
Use this parameter to allow access to premium app tiers. To fully implement app tiers, you must also define an app's tier level.
dlqStorage
Use this parameter to limit storage for incomplete executions.
scenarioIO
Use this boolean parameter to allow access to the scenario inputs feature.
Depends on system flags feature_variables and feature_scenario_inputs
customProperties
Use this integer parameter to enable the custom scenario properties feature. With custom properties, your users can add custom metadata to scenarios and use them to sort and filter their scenarios.
0 to disable for an organization.
1 or higher to define the number of custom scenario properties an organization can create.
dynamicDependencies
Use this boolean parameter to define if dynamic dependencies are allowed in scenarios.
By default, this parameter is set to false, which means dynamic dependencies are not allowed. If set to true, it enables the usage of dynamic dependencies in scenarios.
dynamicConnections
Use this boolean parameter to enable the use of connections in scenario inputs and map them in modules.
By default, this parameter is set to false, meaning that this feature is not enabled. However, in order to use dynamicConnections, you need to have the dynamicDependencies flag turned on. If set to true, it allows you to call scenarios with arbitrary connections.
The Apps and Features tab of the user detail page offers options useful for users developing custom apps on your platform.
When a user creates a custom app, there is an automatically generated internal name for the app. By default, that automatically assigned name includes a random string suffix. Native apps developed by Make do not have this suffix. The ID suffix allows the Make apps team and end users to create apps for the same third-party app. Allowing your end users to create apps without the ID suffix might create conflicts that prevent you from installing native apps. For example, if you create your own custom app for Google Sheets with a suffix ID, you cannot install Make's native app for Google Sheets because of conflicting names.
IML is . Enabling this option lets the user create custom functions using IML.
This custom IML function applies only to using IML within custom apps. Custom functions for scenarios are a separate feature you can enable via the organization's license.
Once you publish and compile an app on your instance, changes to that custom app risk breaking scenarios. This option lets a user commit changes to an app previously approved and compiled. See our for more details on the risks involved.
After you approve and compile an app, that app receives a private tag. This means that users cannot see or access the app until you publish the app. Enabling this option lets the user see and access the private app and its modules.
Only applicable for on-premises instances. Enabling allows the enabled user to create scenarios that access your local network via your internal IP addresses. Enabling this option might compromise your network security.