Teams
Table of contents
Overview
The CloudBeaver provides a team management feature, allowing administrators to create and manage teams. This feature is integral for organizing users into groups and controlling their access to various databases.
Team creation
To create a new team, follow these steps:
- Navigate to the Settings -> Administration -> Access Management -> Teams.
- Click on the + Add button.
- Fill in the necessary details in the provided fields.
| Field Name | Description | Additional Info |
|---|---|---|
| Team ID | A unique identifier for the team. | |
| Team Name | The name of the team. | |
| Description | A brief description of the team and its purpose. | |
| Permissions | Specifies the level of access the team has. | Admin Full Access checkbox provides complete access to CloudBeaver configuration. |
| Parameters | Additional parameters based on the authentication provider. | Read more about . |
Note:
- The Parameters section is available in Enterprise, AWS and Team editions only and becomes accessible when configuring certain authentication providers.
- In CloudBeaver Team Edition, Permissions are set through assigned Roles.
Predefined Team types
CloudBeaver includes two predefined Team types:
| Types | Description |
|---|---|
admin | Members of this Team have full administrative privileges within CloudBeaver. |
user | This Team is for regular users. Administrators assign access to databases (in Team Edition, access to projects) to this team. |
Integration with Identity Providers
You have the ability to integrate Teams with various identity providers. This integration allows for the utilization of roles and groups defined by your identity provider to manage Team memberships automatically.
Configuration steps
- When creating or editing a Team, navigate to the Parameters section.
- Here, depending on your identity provider, you can associate the Team with a specific identity attribute:
| Provider | Attribute | Related articles |
|---|---|---|
| AWS | AWS Role ARN | AWS OpenID, AWS OpenID via Okta |
| SAML | SAML Group ID | SAML configuration |
| Microsoft Entra ID | Microsoft Entra ID Group ID | Microsoft Entra ID |
| Okta OpenID | OKTA Group ID | Okta OpenID |
Automatic membership management
Once the integration is set up, whenever a user authenticated by the configured identity provider logs into CloudBeaver, the application will check for matching identity attributes. If there is a match with any of the defined parameters within CloudBeaver's Teams, the user will be automatically assigned to the appropriate Team.
Updating Team memberships
For the changes to take effect, especially in cases where group memberships are updated:
- Users may need to log off and log back in through the Single Sign-On (SSO).
- Alternatively, users can wait for the session to timeout.
These actions ensure that the updated claims from the identity provider are received by CloudBeaver, thereby refreshing the Team memberships.
User management
In the Users tab, you can manage Team memberships:
- To add a user to the Team, click Edit, select the desired users, and then click Add.
- To remove a user from the Team, select the user and click Delete.
Tip: One user can be a member of a multiple Teams.
Connection management
In the Connections tab, you can manage which connections are available to the Team:
- To add connections to the Team, click Edit, choose the desired connections, and then click Add.
- To remove connections from the Team, select the connection and click Delete.
Note: In Team Edition, teams are granted access to projects, not directly to connections.