What are organizations and projects?

In redirection.io, organizations are groups of people, who can collaborate on several projects at once.

  • the Rules are gathered in projects ;
  • a project belongs to one organization ;
  • a given user can belong to several organizations. In each of these organizations, he can be given specific permissions.

Organizations may include an unlimited number of collaborators, and allow to give specific project permissions to their members.

In an organization, a project is usually mapped to a website, even though you may want to separate various parts of your website into several redirection.io projects, in order to have a fine-grained permissions control.

For example, imagine that your web platform is an international websites, which contains the local websites of all your geographical regions. This is usually made using subdomains (eg. de.example.com, fr.example.com, uk.example.com, etc.), or paths within the URL (eg. example.com/de, example.com/fr, example.com/uk, etc.). If you need or want to delegate the redirections management to the local marketing teams, in each country, you can create an organisation "example.com", then create as many redirection.io projects as there are geographical entities.

As another example, your company will want to create separate redirection.io projects for its dedicated brands websites, even if the same people are managing these websites rules. This allows for a neat separation of traffic data across websites, and helps performing better traffic analysis and redirect rules management.

You can still manage several websites in one redirection.io project, but remember that the users in this project will be able to edit the rules for all the websites. If you have a requirement on permissions, then the way to go is to use several redirection.io projects.

Organization permissions

At the organization level, there are three different roles:

  • simple member
  • members with financial responsibilities
  • organization administrator

Member role

The member role only provides a few permissions. A "member" can :

  • see the list of the organization users
  • see the list of the projects they are explicitly attached to.

If you do not grant an organization member an explicit role to any of the organization projects, they will see an empty projects list, and will not be able to contribute.

Financial role

The Financial role is specifically tailored for people who should have access to billing and invoicing information, but should not be allowed to changed the project settings, the rulesets, etc. In details, a user with the "Financial" role will get all the “Member” permissions, plus:

  • they can edit the billing information of the organization
  • they can see the list of all the projects of the organization
  • they can upgrade projects to paid plans

Administrator role

Users with the organization administrator role have a complete administrative access to the entire organization and projects.

  • they can create, delete, upgrade projects
  • they can invite or remove users
  • they can edit the billing information
  • they can edit or delete the organization

The organization admin role is quite powerful, and should only be restricted to a few contacts in your organization.

Project permissions

At the project scale, there are different permission levels:

  • Reader
  • Contributor
  • Publisher
  • Project administrator

Of course, a specific organization member can be given the Reader role in one of the projects of the organization, and the Publisher role in another project.

Project reader

A project reader may only read data, which means that they can:

  • see and export the trafic logs
  • see and export the rules
  • see and export the crawls
  • see the list of instances
  • see the list of the project users

A member with the "Reader" role is not allowed to edit project settings, to created rules or to manage the project.

Project contributor

A project contributor can perform write actions on rules or crawls, but cannot manage the project settings nor publish rulesets. In details, they can:

  • create, edit or remove rules in draft mode
  • start/cancel/stop a crawl
  • remove an instance

Project publisher

A project publisher can perform write actions on rules or crawls, manage the project rules settings and publish rulesets, but cannot manage user permissions, billing or the project deletion. In details, they have all the Contributor permissions, plus they can:

  • edit the rules settings
  • publish a new ruleset

Project administrator

A project administrator can perform write actions on the project and manage all the project settings, including the users permissions, the billing and project upgrade, and the deletion of the project. In details, they can:

  • rename or delete the project
  • manage the project billing
  • invite or remove users

Restricting the permissions of a project member using the segmentation

This feature is only available in "Pro" plan projects.

In "Pro" plan projects, project administrators can restrict the "contributor" and "publisher" roles to some project segments only.

This might be useful in several cases. For example, if your website contains several national sections, with separate marketing teams, you could want to restrict the permissions of the French team only to URLs starting with /fr or ://fr.example.com/, the German team to URLs starting with /de or ://de.example.com/, etc. In other words, if you need separate teams to be able to operate on separate parts of your website traffic, you can attach segments to your team members to prevent them modifying the rules of other teams.

Attaching a segment can be done when inviting a collaborator, or once the invitation has been accepted:

  1. member restrictions attachmentGo to the "members" tab, on the project settings screen. Hit the "Invite another user", and choose either the "Contributor" or "Publisher" role. The "Segments restrictions" dropdown appears and lets you choose one or more segments that must be attached to this user once the invitation will be accepted.
  2. restricted members listThe segments are displayed on the members list
  3. rule creation when a restriction is in useA user with segment restrictions will only be allowed to create rules for which the "Source URL" starts with one of its segments contraints.

Segment-restricted users have limited actions:

  • they cannot create or edit rules for which the Source URL does not match their segment restrictions
  • they cannot mark for deletion rules that are not part of their segments
  • a Publisher with segment restriction can only publish rules within their segment. If some draft rules are not part of the Publisher segment, they won't be published, and will remain untouched
  • a Publisher with segment restrictions cannot rollback to a previous version of the ruleset, as this could introduce changes outside his segment restrictions

However, a segment-limited user will still be able to see all rules, even those that are not part of their segment.

Create a new organization

You can create a new organization when you first log into the manager or later, using the organization dropdown menu:

  1. redirection.io project dashboardclick on the "Add new" button in the organization dropdown menu
  2. organization creation formfill the form and use your shiny new organization ✨

Create a new project

You can create a new project when you first log into the manager or later, from the organization dashboard:

  1. Organization dashboardVisit your organization dashboard
  2. redirection.io project dashboardclick on the "Add a new project" button
  3. project creation formfill the form and use your shiny new project ✨

Organization settings

When hitting the organization name, in the upper left corner of the manager, you can access the organization settings, which allow the organization administrators to perform several administrative tasks:

  • rename or delete the organization ;
  • read the audit trail of the organization ;
  • configure some security and notification settings.

Audit log

Under the "Audit Log" tab, organization administrators can find which important events occurred in their organization lately.

The redirection.io audit trail

We are logging a wide range of events to help administrators monitor what happens in their redirection.io organization and ensure the highest level of traceability:

  • invitations, at the organization or projects level ;
  • changes in the role of a user within the organization or within a project ;
  • rules publication ;
  • changes in project settings ;
  • creation of a public API token ;
  • administrative operations performed on the organization or one of its projects (renaming / deleting / etc.) ;
  • billing-related operations (plan upgrade or downgrade, etc.).

Security

Under the "Security" tab, organization administrators have some tools to restrict the authentication methods that can be used to access their organization.

The organization security settings

For example, they can:

  • choose to enforce Two-factor authentication for all the members across the organization;
  • disable Password-based and Google Oauth authentication;
  • completely disable external authentication providers;
  • etc.

Restrict Authorized Authentication Ways

The security policy of some companies sometimes does not allow access to company assets without authenticating using a specific mean of authentication (an enterprise SSO, for example).

Security settings allow you to disable certain authentication ways, in order to prevent users from accessing your organization if they are not currently using one of the authorised means of authentication.

For example, uncheck the "Enable email / password authentication" option so that members of your organization can only access the organization's projects when they're logged in using Google or Microsoft Auth.

Enforce Two-Factor Authentication (2FA)

When the "Require two-factor authentication" option is on, all the users who do not have two-factor authentication enabled in their personal account won’t be able to access the organization until they configure 2FA.

Please note that this setting does not affect users who log in exclusively using an external identity provider (eg., Google, Microsoft, ...). Also, if a user usually logs in using an external identity provider, and has also defined a password in his account, he will have to enable 2FA to regain access to this organization.

Project settings

Within a project, the last item of the left left menu contains the project settings. Several actions are possible using these settings:

  • rename the project ;
  • change the ruleset settings ;
  • configure the project notifications ;
  • manage the project members and their permissions ;
  • upgrade or downgrade the project plan.

Renaming a project

In your project, under Settings > General, it is possible to rename or delete a project.

Configuring project notifications

redirection.io provides a notification center that can help your collaborators get aware when some event occur in your project:

  • a crawl is started or completed;
  • a rules import is completed;
  • a new ruleset is published.

Notifications can be sent through several notification channels: email, to a Slack channel, or to a webhook URL. Read more about how to configure notifications in your redirection.io project.

This page has been updated on September 26th, 2024.
Can't find your answer?