ilert Documentation
WebsiteAPI ReferenceLoginStart for Free
  • Getting Started
    • Core concepts
    • FAQ
      • Renaming of Incidents to Alerts
    • Import from PagerDuty
    • Import from StatusPage.io
  • Alerting
    • Dashboard
    • Alert sources
    • Notification settings
      • Mute notifications
    • Support hours
    • Maintenance windows
    • Heartbeat monitoring
      • Prometheus Heartbeat Example
      • CLI Heartbeat Examples
    • Deployment events
    • 🏛️Understanding event flows
    • ilert sender IDs, domains and IPs
      • SMS and voice alerts in China
  • On-call management & Escalations
    • Escalation policies
    • On-call schedules
      • My on-call shifts
      • Recurring schedules
      • Static schedules
    • Coverage requests
  • ChatOps
    • Overview
    • Integration for Slack
      • Receive and respond to alerts in Slack
      • Create a dedicated Slack channel for an existing alert
      • Create alerts in Slack
      • Look up who is on-call
    • Microsoft Teams Integration
      • Microsoft Teams Chat Integration
        • Microsoft Teams Integration via Incoming Webhook
        • Microsoft Teams Integration via Workflows
      • Microsoft Teams Meeting Integration
      • Create a channel for an existing alert in Microsoft Teams
      • Create alerts in Microsoft Teams
      • Look up who is on-call in Microsoft Teams
  • Incident comms & status pages
    • Getting started
    • Services
    • Incidents
    • Status pages
      • Public vs private status pages
      • Audience-specific status page
    • Metrics
      • Import metrics from Datadog
      • Import metrics from Prometheus
  • 🪄ilert AI
    • Introduction
    • Using ilert AI for efficient incident communication
    • Using ilert AI for post-mortem creation
    • Using ilert AI for schedule generation
    • Using ilert AI for alert grouping
    • Global Search enhanced by ilert AI
      • Bulk resolving similar alerts
  • Call Routing
    • Getting started with call routing
    • Routing calls using call flows
    • Call routing (legacy)
      • Routing calls based on support hours
      • Voicemail only mode
      • Managing call routing alerts
      • Adding webhooks and outbound chat messages
      • Uploading custom audio responses
  • User Administration
    • User roles and permissions
    • Team-based organisation
    • Single sign on
      • Setting up SSO with GSuite
      • Setting up SSO with Microsoft Azure Active Directory
      • Setting up SSO with Okta
      • Setting up SSO with Auth0
      • Auto provisioning users & teams
    • 🔐Two-factor authentication / MFA
  • INTEGRATIONS
    • Types of integrations
    • Inbound integrations
      • 4me Integration
      • Ansible Automation Platform AWX Integration
      • Amazon CloudWatch Integration
      • Amazon SNS Integration
        • Amazon SNS Inbound Integration
        • Amazon SNS Outbound via AWS Lambda
      • Azure Alerts Integration
        • Azure Activity Logs
        • Azure Metric
        • Azure Logs
        • Azure Service Health
        • Azure Sentinel
        • Budget Alert
      • Apica Integration
      • AppDynamics Integration
      • AppSignal Integration
      • AWS Budgets Integration
      • AWS Cloudtrail Integration
      • AWS DevOps Guru Integration
      • AWS GuardDuty Integration
      • AWS Personal Health Dashboard Integration
      • AWS Security Hub Integration
      • Autotask Inbound Integration
      • Auvik Integration
      • Catchpoint Integration
      • Checkly Integration
      • Checkmk Integration
        • Checkmk Integration (v 1.x)
        • Checkmk Integration (v 2.0+ )
      • Cisco Meraki Integration
      • Cisco ThousandEyes Integration
      • Cisco Webex
      • Cloudflare Integration
      • ClusterControl Integration
      • Connectwise Manage Integration
      • Cortex Integration
      • Cortex XSOAR (formerly Demisto) Integration
      • CrowdStrike Integration
      • Dash0 Integration
      • Datadog Integration
      • Dynatrace Integration
      • Elastic Watcher Integration
      • Email Inbound Integration
        • Email Key Extraction and Resolve Examples
        • Automatically resolve Alerts with Emails
      • FreshService Integration
      • Gatus Integration
      • GitHub Integration
        • GitHub Advanced Security Integration
        • GitHub Inbound Check Run (Actions) Integration
        • GitHub Inbound Issue Integration
        • GitHub advanced settings
      • GitLab Integration
      • Google Cloud Monitoring (formerly Stackdriver) Integration
      • Google Security Command Center
      • Grafana Integration
        • Grafana Integration
        • Grafana Integration (v 9.x)
      • Graylog Integration
      • HaloITSM Integration
      • HaloPSA Integration
      • HashiCorp Consul
      • Healthchecks.io Integration
      • HetrixTools Integration
      • Honeybadger Integration
      • Honeycomb Integration
      • Hyperping Integration
      • CrowdStrike Falcon LogScale Integration
      • IBM Cloud Functions Integration
      • Icinga Integration
      • InfluxDB Integration
      • Instana Integration
      • IT-Conductor Integration
      • IXON Cloud Integration
      • Jira Inbound Integration
      • JumpCloud Integration
      • Kafka Integration
      • Kapacitor Integration
      • Kentix AlarmManager
      • Keep Integration
      • Kibana Integration
      • Kubernetes Integration
      • Lightstep Integration
      • Loki integration
      • Mezmo Integration
      • Microsoft SCOM
      • Mimir Integration
      • MongoDB Atlas Integration
      • MXToolBox Integration
      • MQTT Integration
      • Nagios Integration
      • N-central Integration
      • Netdata Integration
      • New Relic Integration
        • New Relic Integration (deprecated)
        • New Relic Workflow Integration
      • Oh Dear Integration
      • PandoraFMS Integration
      • Particle Integration
      • Pingdom Integration
      • PostHog Integration
      • Postman Monitors Integration
      • Prometheus Integration
      • PRTG Network Monitor Integration
      • Prisma Cloud Integration
      • Push Notifications
      • RapidSpike Integration
      • Raygun Integration
      • Rollbar Integration
      • Salesforce Integration
      • Samsara Integration
      • Search Guard Integration
      • Sematext Integration
      • Sensu Integration
      • Sentry Integration
      • Server Density Integration
      • ServerGuard24 Integration
      • ServiceNow Inbound Integration
      • SignalFx Integration
      • Site24x7 Integration
      • SMS Integration
      • SolarWinds Integration
      • Splunk Integration
      • StatusCake Integration
      • StatusHub Integration
      • StatusPage Integration
      • Sumo Logic Integration
      • Sysdig Integration
      • TOPdesk Inbound Integration
      • Terraform Cloud / Terraform Enterprise
      • Tulip Integration
      • Twilio Alarms Integration
      • Twilio Errors Integration
      • Ubidots Integration
      • Uptime Kuma Integration
      • UptimeRobot Integration
      • VictoriaMetrics Integration
      • Zabbix Integration
        • Zabbix 4.4+ Integration
        • Zabbix 2.2 – 4.3 Integration
      • Zammad Inbound Integration
      • Zapier Inbound Integration
      • Zendesk Inbound Integration
    • Outbound integrations
      • Autotask Outbound Integration
      • DingTalk Integration
      • Discord Integration
      • Email Outbound Integration
      • Jira Outbound Integration
      • GitHub Outbound Issue Integration
      • Mattermost Integration
      • ServiceNow Outbound Integration
      • Telegram Integration
      • TOPdesk Outbound Integration
      • Webhook Integration
      • Zammad Outbound Integration
      • Zapier Outbound Integration
      • Zendesk Outbound Integration
      • Zoom Integration
        • Zoom Chat Integration
        • Zoom Meeting Integration
    • Deployment integrations
      • API deployment pipeline
      • Argo CD deployment pipeline
      • Github deployment pipeline
      • GitLab deployment pipeline
  • Reports
    • Overview
    • Alerts
  • API
    • API Reference
    • API Version History
      • API user preference migration 2023
      • Discontinuation of Uptime Monitoring
    • Rate Limiting
    • Client Libraries
      • ilert Agent - ilagent
      • Go Client
      • Rust Client
      • Javascript / Node.js Client
    • Terraform
      • Importing ilert UI resources into Terraform state
    • 👩‍💻ICL - ilert condition language
    • ➿ITL - ilert template language
    • API endpoints / samples
      • Creating alerts through events
      • Importing public status page subscribers
    • 🔥Developing ilert Apps
      • Get started with ilert Apps
      • Understanding OAuth2
      • Developing a Backend App with OAuth2
      • Developing a web or native App with OAuth2 and PKCE
      • Token lifetimes, error codes, app verification, etc.
  • Contact us
  • ilert Release Notes
  • Mobile App
    • Getting started with ilert mobile app
    • Mobile app notification settings
    • Critical push notifications and DND overrides
      • iOS critical alerts configuration
      • Android Push Notification DND Configuration
    • On-call widget
Powered by GitBook
LogoLogo

Product

  • Alerting & Notification
  • On-call Management & Escalations
  • Call Routing
  • Status Pages

Resources

  • Blog
  • Case Studies
  • Security
  • API Reference

Legal

  • Privacy policy
  • Imprint

Increase Your Uptime

  • Start for Free
  • Get a Demo

(c) 2011 - 2025 ilert GmbH

On this page
  • Team Filter
  • Creating Teams
  • Private Teams
  • Team Roles
  • Resource ownership adjustments
  • Resource Visibility
  • User Visibility
  • Alert Visibility
  • Data Visibility in Report
  • FAQ
  • When using ilert, am I required to configure teams?
  • Why is there no Guest team role?
  • What happens if I turn a private team to a public with team roles giving lesser permissions?
  • Is it possible to manage multiple teams that cannot see each other and their resources at all in the same account?
  • I am a Team Admin trying to add a user to my team but he does not appear in the users dropdown. What am I doing wrong?

Was this helpful?

Edit on GitHub
  1. User Administration

Team-based organisation

Create teams to manage access to resources and simplify the user interface to show only the alerts and resources relevant to a team.

PreviousUser roles and permissionsNextSingle sign on

Last updated 14 days ago

Was this helpful?

ilert's team feature allows you to easily manage complex permission scenarios and keep the UI experience for your users and teams simple by only showing the resources owned by the selected team. It enables productivity while managing hundreds of alert sources and users, as well as hundreds or thousands of alerts.

Team Filter

The team filter lets you switch between different team contexts. It gives you the following options depending on the corresponding teams existing in your account.

  • All teams essentially removes any filter and shows you all objects that you have permission to view, including those that are not associated with any teams.

  • My teams shows you all objects of the teams that you are a member of.

  • A specific team: selecting a specific team will show you all objects that are associated with the selected team.

The team filter is located at the top right in the navigation bar:

In case your account requires a large number of teams, the team filter will automatically collapse and include a search field for quick navigation between different team views:

The team filter is also available in the mobile app:

The team filter selection is stored for each user and synced across devices—meaning users will always continue where they left off, even when changing from desktop to mobile app.

Visibility of the team filter

The team filter will automatically disappear when the user has no selectable teams available. Please note, that the team filter has no effect on the team management UI, as all resources and users in the permission context of the current user may be assigned to the team.

Creating Teams

To create a new team, navigate to the list view using the Teams link in the settings navigation menu.

Click on Add new team, enter a name for your new team, and use the Create team button to create it.

You may now add new members or resources to the team.

You may also directly manage the team ownership of resources in their edit views, for example, alert sources:

In case no teams are available for the current user (with included write permission) the team selector may not appear in the edit views.

Private Teams

You may choose to create a private team, which allows you to restrict visibility of the team and its associated objects (including users) to the team members. Note, that global admins and the account owner will be able to see the data of a private team, even if they are not a member of the team.

To make a team private, navigate to the team's settings page and choose Private under Team visibility.

What happens to objects that are associated with both a private and a public team?

The private visibility setting of a team takes precedence over its public visibility. If an object is assigned to two teams, one public and one private, the object will be visible to both teams only and won't be visible to members of other teams.

Such objects will be marked with the incognito icon in the list views.

Team Roles

When working with teams, we recommend keeping all global users that do not require elevated permissions on the Responder role and using team roles instead. For example, instead of assigning a user the User role as their base role, use the Responder role as their base and assign the user the team role User.

Team roles extend the permissions of base roles within the context of a team. For example, if you have been assigned the Responder role as your base role and have been assigned the Team User role within a team, you will be granted the permissions of the User role within that team.

Note that you cannot be assigned a less permissive team role than your base role in a public team. For example, if your base role is User, you cannot be assigned the Team Responder role within a public team. However, this is not the case for private teams. The team roles in private take precedence over base roles. E.g., if your base role is User, you can be assigned Team Responder permissions in a private team.

The following team roles are available:

  • Stakeholder

  • Team Responder

  • Team User

  • Team Admin

Global stakeholder users cannot be assigned more permissive roles within a team.

Resource ownership adjustments

Adding or removing ownership (describing the assignment of a resource to a team) is only allowed if the operating user is a member of the team (referred to in the ownership) with write level team permissions. This accounts for all global user roles, except for admins and account owners. A resource delete operation is, in this case, equal to a removal of all ownerships.

An example to put this axiom into action:

A user (with global User role) that is a member of Team1 (with team role User) is not able to delete an alert source that is owned by Team1 and Team2. Because he is neither an Admin nor a write-level team member of Team2. He may only remove the ownership of Team1 of which he is a team member, and leave the resource ownership solemnly to Team2.

Resource Visibility

An administrator with the All teams filter sees all alert sources in the account.

A user of the Mobility team with an active specific team filter only sees the alert sources of his interest.

Resources and users of public teams, are shown to all users with read permissions.

Unassigned resources (without any owners / teams) are treated as public resources.

User Visibility

Alert Visibility

An alert is visible to a user in a team context if

  • its alert source is part of the team context or

  • its escalation policy is part of the team context or

  • if the current user is subscribed to the alert as stakeholder

  • it's assigned to the current user directly

This way alerts may still be shared across team contexts or re-assigned by higher level permission users to ensure the most flexible workflow for your users in any scenario.

Data Visibility in Report

The current team context will automatically be reflected in alert, on-call and notification reports. Meaning that the selected team filter will have a direct impact on the shown resources in the report, as well as the user permissions on the data accessible in any shared reports.

Further restriction of resource permissions to a user will reflect onto shared report urls even after they are created e.g. when hiding an alert source from a user by placing it in a private team without his access, the shared alert report will also hide the alerts from this alert source automatically.

FAQ

When using ilert, am I required to configure teams?

No, you don't have to. Teams are meant to be an enhancement for larger organizations and enterprises to keep their users productive. When no teams are created in your account, the team-specific UI elements won't be shown, and you may use and share all resources globally across your account by default.

Why is there no Guest team role?

The Guest user is meant to be without global read permission per default—meaning only the membership of a team will grant him rights to see resources within the context of these teams. Therefore there is no reason to offer a non-read permissioned role on the team level.

What happens if I turn a private team to a public with team roles giving lesser permissions?

The roles giving lesser permission e.g. a global User with a Responder team role will be automatically changed so that the team role reflects the global role in our example this will give the global User the User team role (a warning will be shown on the settings page beforehand).

Is it possible to manage multiple teams that cannot see each other and their resources at all in the same account?

Absolutely. To achieve this, all users should have the global Responder role, while being placed in their specific teams with the User team role; this way users will always have to assign new resources to their team. Then all teams should be configured to be private, a user or resource should never be in more than one team; this way their contexts are completely separated. Do not forget to place the Account owner in its own private team to hide him from the others and to delete the Default escalation policy.

I am a Team Admin trying to add a user to my team but he does not appear in the users dropdown. What am I doing wrong?

Teams can be created by Admin users and the account owner. Existing team members may also be managed by users who have been elevated to Admins in the team itself (see ).

The permissions of team roles match the permissions of, except that they are limited to the team's context (meaning resources that this team has ownership of).

Besides plain resource read and write permissions which are based on and may be overwritten in a team context by the equivalent team roles, as described above in . The permission for the addition and removal of team ownership is validated under the following axiom:

User visibility is almost identical to the described behavior in Resource Visibility except it has less restrictions. In general, all users are public and can be seen by all roles except Guests. However, when a user is added as a member of a private team he becomes a private user. From now on, he is only visible to either users with elevated permissions e.g. Admins / Account Owners or members of the teams he is a member of.

If you are certain that the user you are searching for exists in your ilert organization and he does not appear in the dropdown - there is a good chance that you have no permission to access him. Most likely this is related to him already being a member of a private team, take a look .

Team Roles
global roles
Team roles
above
here
global roles