Configuring Teams

Create child teams under the root team and configure those teams to have different sets of permissions based on the needs of the respective team members. Every user in your organization is automatically a member of the root team and each inherits all the permissions of the root team. When you configure permissions in your organization, assign only permissions you want every user in the root team to have.

After you create child teams and assign permissions, you can add users to each of your teams according to what permissions the users in the team need.

Access Teams

Sign in to Anypoint Platform using an account that has the Organization Administrator permission.
In the navigation bar or the main Anypoint Platform page, click Access Management.
In the Access Management navigation menu, click Teams.

Create a Child Team

Organization Administrators for the root organization can create child teams at any business group level.

If you’re the Organization Administrator or maintainer for a business group, you can create child teams in the business group you have the Organization Administrator permission in and become the maintainer for that team.

All child teams inherit user permissions from their parent teams, and you can configure additional permissions.

Click Create Team.
Enter a unique and intuitive name for your child team.

You can use only alphanumeric characters, hyphens, underscores, and spaces. The character limit is 255.
Select a parent team.
Select Save.

Your new child team appears under its parent team in the list of teams. You can select any parent team in that list and navigate to its Child teams tab to see a list of all that parent team’s child teams.

After you create child teams and add any additional permissions needed for the team, you can invite new users to the team using email invitations or by using the Teams feature interface.

Manage Team Permissions

Your organization’s root team is Everyone at <Root Organization> and doesn’t have any permissions assigned. You must have the Organization Administrator permission in the root organization to add and configure permissions for the root team and all its child teams.

To manage child teams' permissions, you must have the Organization Administrator permission or be a maintainer in that team.

If you invite users to Everyone at <Root Organization> without assigning any permissions to that team, your users can’t execute tasks or view assets in your organization.

Add Permissions to Teams

Every user in your organization is automatically a member of the root team and each inherits all the permissions of the root team. When you add permissions in your organization, assign only permissions you want every user in the root team to have, for example, viewer permissions. Then add additional permissions to the child teams.

Click the team to configure permissions for.
Select the Permissions tab, and click Add Permissions.
Select the permissions to add and click Next.

The list of Permissions includes all permissions, even if they are already assigned to users. If you add a permission that’s already assigned, there is no effect.
Select the business groups and environments (if it’s enabled for the permission) to apply the permissions to and click Next.
Review the permissions and the business groups and environments they apply to, and then click Add Permissions.

View Team Permissions

The permissions you added to the team are listed in the Permissions tab for your team.

Select the team to view limits for.
Select the Permissions tab.
Switch on Show inherited permissions to see the permissions the child team inherited from its parent team.

View Team Permissions Limits

Each team, including the root team, has a Limits section that shows how close the team is to reaching limits imposed by Anypoint Platform.

Click the team to view limits for.
Select the Limits tab.

The number of permissions used might include internal permissions granted automatically by the system, which aren’t always visible in the UI.

For more information on limits in Access Management, see Limits.

Manage Team Users

If you have the Organization Administrator permission in your root organization, you can add users to existing teams using three methods:

The Teams feature interface
Sending an invitation to a new user via email
External group mapping

Add Users Via the Teams Interface

When you add a user to a team, you can select whether that user is a team maintainer or a team member. You must have the Organization Administrator permission or be a team maintainer yourself to modify team members and team maintainers. Team maintainers can manage only the teams and child teams they are maintainers for (not the root team).

Team maintainers can:

Change the team name
Add or remove members from the team
Add or remove additional team maintainers
Move the team under different parent teams they are teams maintainers for
Delete the team

You can designate a team maintainer to delegate team maintenance responsibilities to users without giving them full organization administrator permissions, or you can remove the team maintainer designation and convert users back to team members.

Sign in to Anypoint Platform using an account that is a team maintainer of the team you want to modify.
In the navigation bar or the main Anypoint Platform page, click Access Management.
In the Access Management navigation menu, click Teams.
If you are only a team maintainer and do not have other permissions that apply to your root organization, you are redirected to the Teams section of Access Management automatically.
In the Teams page, select the team to add a user to.
Click Add members.
Enter the name of each user to add to the team.
Select the membership type that you want to assign to each user:
- Member
  
  Team members receive the team’s permissions.
- Maintainer
  
  A user who is added as a team maintainer receives team maintainer permissions as soon as you confirm their membership.
Click Create.

Add Users Via Email Invitations

When you send an email to invite a new user to your organization, the user is automatically added to your organization’s root team. You can also specify additional teams to automatically add the user to.

For more information about inviting a user to an existing team via email, see Inviting a User to Anypoint Platform.

Add Users Via External Group Mapping

If you use single sign-on (SSO) using SAML, OIDC, or LDAP, you can map SSO users to teams. For more information, see Map SSO Users to Teams.

Change the Name of Your Team

Sign in to Anypoint Platform using an account that has the Organization Administrator permission or is a team maintainer of the team you want to modify.
In the navigation bar or the main Anypoint Platform page, click Access Management.
In the Access Management navigation menu, click Teams.
Click the Settings tab.
In Name, enter a new name for your team.

You can use only alphanumeric characters, hyphens, commas, periods, and spaces. The character limit is 255.
Click Save changes.

Your team is renamed.

Move Your Team

In the team to move, select Settings.
In Parent Team, select the new parent team.
Click Save Changes.

Your team and its child teams now reside under the parent team you selected.

Delete a Team

You must have the Organization Administrator permission to delete a team. After you delete a team, the team can’t be restored. You can’t delete the root team that represents your entire root organization.

Sign in to Anypoint Platform using an account that has the root Organization Administrator permission.
In the navigation bar or the main Anypoint Platform page, click Access Management.
Click … next to the team that you want to delete.
Select Delete….
Enter the name of the team that you want to delete and click Delete.