iLert Documentation
WebsiteAPI ReferenceLoginFree Trial
Search…
Getting Started
Core concepts
On-call schedules
iLert domains, ips, emails & phone numbers
FAQ
Incident comms
Getting started
Services
Incidents
Status pages
User Administration
User roles and permissions
Team-based organisation
Single sign on
🔐
Two-factor authentication / MFA
Call Routing
Getting started with call routing
Routing calls based on support hours
Voicemail only mode
Managing call routing alerts
Adding webhooks and outbound chat messages
Uploading custom audio responses
Uptime & Heartbeat Monitors
Uptime Monitoring
Heartbeat Monitoring
REST API
iLert REST API
API Version History
Rate Limiting
Client Libraries
Terraform
API Samples
🔥
Developing iLert Apps
🪝
Application Hooks
Integrations
Amazon CloudWatch Integration
Amazon EventBridge Integration
Amazon SNS Integration
Azure Alerts Integration
API Fortress Integration
AppDynamics Integration
AppSignal Integration
AWS Budget Integration
AWS GuardDuty Integration
AWS Lambda Integration
AWS Personal Health Dashboard Integration
Autotask Integration
Auvik Integration
Azure Function Integration
Checkmk Integration
Cisco Webex
Cloudflare Integration
Connectwise Manage Integration
Cortex XSOAR (formerly Demisto) Integration
CrowdStrike Integration
Datadog Integration
Discord Integration
DingTalk Integration
Dynatrace Integration
Email Integration
Email Outbound Integration
FreshService Integration
GitHub Integration
GitLab Integration
Google Cloud Function Integration
Google Cloud Monitoring (formerly Stackdriver) Integration
Grafana Integration
HashiCorp Consul
Humio Integration
IBM Cloud Functions Integration
Icinga Integration
Instana Integration
IXON Cloud Integration
Jira Integration
JumpCloud Integration
Kapacitor Integration
Kentix AlarmManager
Kubernetes Integration
Lightstep Integration
Mattermost Integration
Microsoft Teams Integration
MongoDB Atlas Integration
MXToolBox Integration
N-central Integration
Nagios Integration
New Relic Integration
Oh Dear Integration
Pingdom Integration
Prometheus Integration
PRTG Network Monitor Integration
Push Notifications
Raygun Integration
Salesforce Integration
Search Guard Integration
Sematext Integration
Sensu Integration
Sentry Integration
Server Density
Samsara Integration
ServiceNow Integration
SignalFx Integration
Single Sign-On Setup
Slack Integration
SMS Integration
SolarWinds Integration
Splunk Integration
StatusCake Integration
StatusHub Integration
StatusPage Integration
Sumologic Integration
Sysdig Integration
TOPdesk Integration
Terraform Cloud / Terraform Enterprise
UptimeRobot Integration
Webhook Integration
Hyperping Integration
Prisma Cloud Integration
X-Pack Alerting (Elasticsearch Watcher) Integration
Zabbix Integration
Zammad Integration
Zapier Integration
Zendesk Integration
Zoom Integration
Contact us
iLert Release Notes
iLert Mobile Release Notes
Android Push Notification Configuration
Powered By GitBook
Team-based organisation
Create teams to manage access to resources and simplify the user interface to show only the alerts and resources relevant to a team.
iLerts flexible teams feature allows you to easily manage complex permission scenarios and keep the UI experience for your users and teams simple by only showing the resources owned by the selected team. It enables productivity while managing hundreds of alert sources and users, as well as hundred-thousands of alerts.

Team Filter

The team filter lets you switch between different team contexs. It gives you the following options depending on the corresponding teams existing in your account.
  • All teams essentially removes any filter and shows you all objects that you have permission to view, including those that are not associated with any teams
  • My teams shows you all objects of the teams that you are a member of
  • A specific team: selecting a specific team will show you all objects that are associated with the selected team
The team filter is located at the top right in the navigation bar:
In case your account requires a large amount of teams, the team filter will automatically collapse and include a search field to quickly navigation between different team views:
The team filter is also available in the mobile app:
The team filter selection is stored for each user and synced across devices - meaning users will always continue where they left off, even when changing from desktop to the mobile app.
Visibility of the team filter
The team filter will automatically disappear when the user has no selectable teams available. Pleaes note that the team filter has no effect in the team management UI, as all resources and users in the permission context of the current user may be assigned to the team.

Creating Teams

Teams can be created by Admin users and the account owner. Existing team members may also be managed by users that have been elevated to Admins in the team itself (see Team Roles).
To create a new team, navigate to the list view using the Teams link in the settings navigation menu.
Click on Add new team, enter a name for your new team and use the Create team button to create it.
You may now add new members or resources to the team.
You may also directly manage the team ownerships of resources in their edit views, for example alert sources:
In case no teams are available for the current user (with included write permission) the team selector may not appear in the edit views.

Private Teams

You may choose to create a private team, which allows you to restrict visibility of the team and its associated objects (including users) to the team members. Note that global admins and the account owner will be able to see the data of a private team, even if they are not a member of the team.
To make a team private, navigate to the team's setting page and chose Private under Team visibility.
What happens to objects that are associated with both a private and a public team?
The private visibility setting of a team takes precedence over its public visibility. That is, if an object is assinged to two teams, one public and one private, the object will be visible to both teams only and won't be visible to members of other teams.
Such objects will be marked with the icognito icon in the list views.

Team Roles

When working with teams, we recommend to keep all global users that do not require elevated permissions on the Responder role and use team roles instead. For example, instead of assigning a user the User role as their base role, use the Responder role as their base and assign the user the team role User.
Team roles extend the permissions of base roles within the context of a team. For example if you have been assigned the Responder role as your base role, and have been assigned the Team User role within a team, you will be granted the permissions of the User role within that team.
Note that you cannot be assigned a less permissive team role than your base role in a public team. For example if your base role is User, you cannot be assigned the Team Responder role within a public team. However, this is not the case for private teams. The team roles in a private take precedence over base roles. E.g. if your base role is User, you can be assigned Team Responder permissions in a private team.
The following team roles are available:
  • Stakeholder
  • Team Responder
  • Team User
  • Team Admin
The permissions of team roles match the permissions of global roles, except that they are limited to the team's context (meaning resources that this team has ownerships of).
Global stakeholder users cannot be assigned more permissive roles within a team.

Resource ownership adjustments

Besides plain resource read and write permissions which are based on global roles and may be overwritten in a team context by the equivalent team roles, as described above in Team roles. The permission for addition and removal of team ownerships is validated under the following axiom:
Adding or removing an ownership (describing the assignment of a resource to a team) is only allowed if the operating user is member of the team (referred in the ownership) with write level team permissions. This accounts to all global user roles, except for admins and account owners. A resource delete operation is in this case equal to a removal of all ownerships.
An example to put this axiom into action:
A user (with global User role) that is a member of Team1 (with team role User) is not able to delete an alert source that is owned by Team1 and Team2. Because he is neither an Admin nor a write-level team member of Team2. He may only remove the ownership of Team1 of which he is a team member and leave the resource ownership solemnly to Team2.

Resource Visibility

An administrator with the All teams filter sees all alert sources in the account.
A user of the Mobility team with active specific team filter only sees the alert sources of his interest.
Resources and users of public teams, are shown to all users with read permissions.
Unassigned resources (without any owners / teams) are treated as public resources.

User Visibility

User visibility is almost identical to the described behaviour in Resource Visibility above except it has less restrictions. In general all users are public and can be seen by all roles excepts Guests. However when a user is added as member of a private team he becomes a private user. From now on, he is only visible to either users with elevated permissions e.g. Admins / Account Owners or members of the teams he is a member of.

Alert Visibility

An alert is visible to a user in a team context if
  • its alert source is part of the team context or
  • its escalation policy is part of the team context or
  • if the current user is subscribed to the alert as stakeholder
  • it's assigned to the current user directly
This way alerts may still be shared across team contexts or re-assigned by higher level permission users to ensure the most flexible workflow for your users in any scenario.

Data Visibility in Report

The current team context will automatically be reflected in alert, on-call and notification reports. Meaning that the selected team filter will have a direct impact on the shown resources in the report, as well as the user permissions on the data accessible in any shared reports.
Further restriction of resource permissions to a user will reflect onto shared report urls even after they are created e.g. when hiding an alert source from a user by placing it in a private team without his access, the shared alert report will also hide the alerts from this alert source automatically.

FAQ

When using iLert am I required to configure teams?

No you don't have to. Teams are meant to be an enhancement for larger organizations and enterprises to keep their users productive. When no teams are created in your account, the team specific ui elements wont be shown and you may use and share all resources globally across your account by default.

Why is there no Guest team role?

The Guest user is ment to be without global read permission per default - meaning only the membership of a team will grant him rights to see resources within the context of these teams. Therefore there is no reason to offer a non-read permissioned role on the team level.

What happens if I turn a private team to public with team roles giving lesser permissions?

The roles giving lesser permission e.g. a global User with a Responder team role will be automatically changed so that the team role reflects the global role in our example this will give the global User the User team role (a warning will be shown on the settings page beforehand).

Is it possible to manage multiple teams that cannot see each other and their resources at all in the same account?

Absolutely. To achieve this, all users should have the global Responder role, while being placed in their specific teams with the User team role, this way users will always have to assign new resources to their team.Then all teams should be configured to be private, a user or resource should never be in more than one team, this way their context are completely separated. Do not forget to place the Account owner in its own private team to hide him from the others and to delete the Default escalation policy.

I am a Team Admin trying to add a user to my team but he does not appear in the users dropdown. What am I doing wrong?

If you are certain that the user you are searching for exists in your iLert organization and he does not appear in the dropdown - there is a good chance that you have no permission to access him. Most likely this is related to him already being a member of a private team, take a look here.
User Administration - Previous
User roles and permissions
Next - User Administration
Single sign on
Last modified 6mo ago
Copy link
Edit on GitHub
Contents
Team Filter
Creating Teams
Private Teams
Team Roles
Resource ownership adjustments
Resource Visibility
User Visibility
Alert Visibility
Data Visibility in Report
FAQ
When using iLert am I required to configure teams?
Why is there no Guest team role?
What happens if I turn a private team to public with team roles giving lesser permissions?
Is it possible to manage multiple teams that cannot see each other and their resources at all in the same account?
I am a Team Admin trying to add a user to my team but he does not appear in the users dropdown. What am I doing wrong?