Configuring Team Access

Team Access enables delegated user management, allowing Partner and Customer organizations to manage their own team members without requiring full Administrator System Role access. This feature empowers designated Team Managers to activate, deactivate, and reset passwords for users within their account scope.

Understanding Team Access

What is Team Access?

Team Access is a delegated user administration feature that allows:

• Partners and customers to manage their own team members
• Designated Team Managers to perform user management tasks within their account scope
• Reduced administrative burden on system administrators
• Self-service user management for external organizations

Common Use Cases

• Partner Admin Roles: Partner organizations managing their own user base
• Customer Admin Roles: Customer organizations controlling access for their team
• Account Hierarchy Management: Parent companies managing users across subsidiary accounts
• Regional Management: Regional managers controlling access for their geographic areas

Team Manager Capabilities

Team Managers can perform the following user management functions within their authorized scope:

• Activate Contacts: Convert Contact records to active portal users
• Deactivate Users: Remove portal access while preserving user records
• Reset Passwords: Send password reset emails to users
• Assign Security Roles: Grant specific roles (as configured by administrators)

Account Scope and Hierarchy

Basic Account Scope

By default, Team Managers can only manage contacts associated with their specific Account record.

Account Hierarchy (Advanced)

When account hierarchy is enabled:

• Parent Account Access: Team Managers at parent companies can manage contacts from child accounts
• Example: AcmeTech parent company Team Manager can manage contacts from AcmeTech Canada and AcmeTech Europe subsidiary accounts
• Configurable: System administrators control hierarchy access through Security Role configuration

Prerequisites

System Requirements

• Administrator System Role permissions (for configuration)
• Existing Contact form layout for new user creation
• Standard Contact fields (see Field Requirements below)

Required Contact Fields

Team Access requires two standard fields on the Contact entity:

• Community Role Picklist: Tracks the contact's intended community role
• Community User Checkbox: Tracks the contact's portal user status

Note: These are standard fields in current Magentrix deployments. For Salesforce, Dynamics CRM, and HubSpot instances, or older deployments missing these fields, contact Magentrix Support for field setup assistance.

Team Access Configuration

Step 1: Basic Configuration

1. Navigate to Setup Home > Manage > Community Settings
2. Click Team Access Settings
3. Click the Configuration tab
4. Configure the required fields:
   • Community Role Field: Select the picklist field that tracks contact community roles
   • Community User Field: Select the checkbox field that tracks portal user status
   • New Team Member Layout: Select the Contact form layout used when creating new users
5. Click Save

Step 2: Notification Settings

1. Click the Notifications tab
2. Configure notification preferences:
   • Account Owner Notifications: Enable to notify account owners when new team members are added
   • Administrator Notifications: Enable to send notifications to specified email addresses when new users are created
   • Email Configuration: If administrator notifications are enabled, enter email addresses and select notification template
3. Click Save

Step 3: Team Manager Permissions

1. Click the Permissions tab
2. Grant Team Manager access to Security Roles:

Granting Team Manager Permissions

1. Click Grant Permission
2. In the dialog, select the Security Role that should have Team Manager capabilities
3. Click Next
4. Configure role assignment permissions:
   • Assignable Roles: Select Security Roles that Team Managers can assign to team members
   • User Limits: Optionally set limits on how many users can be assigned each role
   • Multiple Roles: Click Assign New Role to allow assignment of additional Security Roles
5. Click Keep Changes

Managing Team Manager Permissions

• Edit Permissions: Click More Actions > Edit to modify existing Team Manager capabilities
• Revoke Access: Click More Actions > Delete to remove Team Manager permissions
• Remove Role Assignment: Click the Delete icon next to specific role assignments

4. Click Save to finalize all permission configurations

Team Manager Role Requirements

Security Role Configuration

Team Managers must have Security Roles with the following permissions:

• Create permissions for User (system): Required to create new portal users
• Create permissions for Contact: Required to create new Contact records if needed
• Read/Edit permissions for Contact: Required to view and modify contacts within their scope

Role Assignment Limitations

• Team Managers can only assign Security Roles specifically authorized by system administrators
• User limits (if configured) prevent exceeding allocated user counts per role
• Overall license limits still apply and cannot be exceeded

User Creation and License Management

License Consumption

• Users created by Team Managers consume standard Partner or Customer licenses
• License type depends on the Security Role assigned
• Team Manager actions are subject to overall license availability
• System prevents activation when license limits are reached

User Assignment Scope

Team Managers can activate any Contact they can view, which depends on:

• Their Security Role's data access permissions
• Account hierarchy configuration
• Contact record sharing settings
• Data filtering based on Account associations

Best Practices

Planning Team Access Implementation

• Define Team Manager Roles: Create specific Security Roles for different types of Team Managers
• Set Appropriate Limits: Configure user limits based on expected team sizes
• Plan Account Hierarchy: Design account structure to support proper delegation
• Test Permissions: Validate Team Manager access with test accounts before full deployment

Security Considerations

• Principle of Least Privilege: Grant only necessary permissions to Team Manager roles
• Regular Audits: Review Team Manager activities and user assignments periodically
• Monitor License Usage: Track license consumption across Team Manager-created users
• Account Boundary Enforcement: Ensure Team Managers can only access appropriate accounts

Operational Guidelines

• Communication: Inform Team Managers about their capabilities and limitations
• Training: Provide guidance on user management best practices
• Support Process: Establish escalation procedures when Team Managers need assistance
• Documentation: Maintain records of Team Manager role assignments and permissions

Troubleshooting Common Issues

Team Manager Cannot Create Users:

• Verify Security Role has Create permissions for User (system) and Contact
• Check that Team Manager permissions are properly configured
• Confirm license availability for new user creation
• Validate that contacts are within Team Manager's account scope

Users Not Receiving Activation Emails:

• Check notification settings in Team Access configuration
• Verify email templates are properly configured
• Confirm user activation was successful
• Review Company Preferences email settings

Permission Denied Errors:

• Validate Team Manager's Security Role permissions
• Check account hierarchy configuration if managing subsidiary accounts
• Confirm Team Manager is attempting to assign authorized Security Roles only
• Review data sharing settings for Contact records

Relationship to Overall User Management

Team Access integrates with Magentrix's broader user management system:

• Complements Administrator Functions: Reduces system administrator workload while maintaining control
• Respects License Limits: Works within overall license allocation and consumption rules
• Follows Security Model: Uses existing Security Role and permission framework
• Maintains Audit Trail: All Team Manager actions are logged for compliance and monitoring

Team Access provides a powerful delegation mechanism that enables scalable user management while maintaining security and administrative oversight.

<< Anonymizing Users