From a8b3e2341aed84c357ce4497f59b58144caa2ff3 Mon Sep 17 00:00:00 2001 From: Paul Cornell Date: Fri, 10 Oct 2025 17:27:25 -0700 Subject: [PATCH 1/7] IdP integration --- docs.json | 7 ++ enterprise/idp/overview.mdx | 57 +++++++++++++++ enterprise/idp/ui.mdx | 140 ++++++++++++++++++++++++++++++++++++ 3 files changed, 204 insertions(+) create mode 100644 enterprise/idp/overview.mdx create mode 100644 enterprise/idp/ui.mdx diff --git a/docs.json b/docs.json index 9a6c4d29..a6ca10de 100644 --- a/docs.json +++ b/docs.json @@ -317,6 +317,13 @@ "enterprise/security-compliance/overview" ] }, + { + "group": "IdP integration", + "pages": [ + "enterprise/idp/overview", + "enterprise/idp/ui" + ] + }, { "group": "AWS", "pages": [ diff --git a/enterprise/idp/overview.mdx b/enterprise/idp/overview.mdx new file mode 100644 index 00000000..b7c0103c --- /dev/null +++ b/enterprise/idp/overview.mdx @@ -0,0 +1,57 @@ +--- +title: IdP overview +sidebarTitle: Overview +--- + + + The following information applies only to dedicated instance and in-VPC deployments of [Unstructured Enterprise](/enterprise/overview). + + IdP integration is not available for Unstructured **Starter** or **Team** accounts. + + +An _identity provider_ (IdP) is a service that manages and verifies the digital identities of users. +It authenticates who a user is and provides that information to other systems (known as _service providers_) to control access. +You can connect your organization's IdP to Unstructured so you can manage who has access across all your connected systems from one place. +Instead of having to manually create and manage user accounts and roles within your Unstructured account, Unstructured can use your organization's IdP to determine +things such as: + +- Who can sign in to your Unstructured account. +- Which roles and permissions they should have within your Unstructured account. +- Revoking access to your Unstructured account—for example, when someone leaves your organization. + +## Supported IdPs + +Unstructured supports IdPs that use any of the following protocols: + +- Keycloak OpenID Connect +- OpenID Connect v1.0 +- SAML 2.0 + +## IdP groups + +_IdP groups_ are collections of users defined within your IdP—for example, an Engineering group, a Marketing group, or an +Administrators group. Unstructured can use your IdP groups to automatically assign roles and permissions within your Unstructured account +at the account level and for each of your account's workspaces. + +## Roles + +_Roles_ are the sets of permissions that Unstructured can assign to your IdP groups—as well as to individual users within your Unstructed account, if needed— through +a common security best-practice technique called _role-based access control_ (RBAC). Unstructured has two kinds of roles: + +- **Account roles**: These roles include **Super Administrator**, **Account Member**, and **Billing Administrator**. They apply at the account level. +- **Workspace roles**: These roles include **Workspace Administrator**, **Developer**, **Operator**, and **Viewer**. They apply to each of your account's workspaces. + +[Learn more about these roles](/ui/account/roles). + +## Getting started + +To have Unstructured connect your organization's IdP to your Unstructured account, contact your assigned +Unstructured Account Executive (AE) or Customer Success Manager (CSM). If you do not know who your assigned AE or CSM is, +email Unstructured Support at [support@unstructured.io](mailto:support@unstructured.io). + +## Next steps + +After Unstructured has connected your organization's IdP to your Unstructured account, you can manage access by your IdP groups and individual users to your +Unstructured account and its workspaces. To do this, you can use your +Unstructured account's user interface (UI). For details, see +[IdP management with the Unstructured UI](/enterprise/idp/ui). \ No newline at end of file diff --git a/enterprise/idp/ui.mdx b/enterprise/idp/ui.mdx new file mode 100644 index 00000000..f7a85095 --- /dev/null +++ b/enterprise/idp/ui.mdx @@ -0,0 +1,140 @@ +--- +title: IdP management with the Unstructured UI +sidebarTitle: UI +--- + + + The following information applies only to dedicated instance and in-VPC deployments of [Unstructured Enterprise](/enterprise/overview). + + IdP integration is not available for Unstructured **Starter** or **Team** accounts. + + +The following information assumes that Unstructured has already connected your organization's IdP to your Unstructured account. +For more information, see [Getting started](/enterprise/idp/overview#getting-started). + +## Add an IdP group to your Unstructured account + +1. If you are not already signed in, sign in to your Unstructured account. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that you want to add the IdP group to. + +You can now assign roles to your newly added IdP group. These roles set the appropriate level of access by your +IdP group to your Unstructured [account]() and to each of your account's [workspaces](). + +## Assign an account role to an IdP group + +This procedure assumes you have already added the IdP group to your Unstructured account. [Learn how](#add-an-idp-group-to-your-unstructured-account). + +1. If you are not already signed in, sign in to your Unstructured account. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that the IdP group belongs to. + +The account role's permissions are enabled for each of the IdP group's existing users the next time they sign in to your +Unstructured account. Whenever you add a user to the IdP group, they get the associated account role's permissions the next time they +sign in. If a user is already signed in but is not getting the permissions they expect, the user should try signing out and then signing back in again. +If you remove a user from the IdP group, the associated account role's permissions are revoked for them the next time they sign in. + +## Add an IdP group to a workspace + +This procedure assumes you have already added the IdP group to your Unstructured account. [Learn how](#add-an-idp-group-to-your-unstructured-account). + +## Assign a workspace role to an IdP group + +This procedure assumes you have already added the IdP group to your Unstructured account. [Learn how](#add-an-idp-group-to-your-unstructured-account). + +1. If you are not already signed in, sign in to your Unstructured account. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace. +3. In the workspace selector, select the name of the workspace that you want to add a member to. + +The workspace role's permissions are enabled for each of the IdP group's existing users the next time they sign in to your +Unstructured account. Whenever you add a user to the IdP group, they get the associated workspace role's permissions the next time they +sign in. If a user is already signed in but is not getting the permissions they expect, the user should try signing out and then signing back in again. +If you remove a user from the IdP group, the associated workspace role's permissions are revoked for them the next time they sign in. + +## Change a workspace role for an IdP group + +This procedure assumes you have already assigned a workspace role to the IdP group. [Learn how](#assign-a-workspace-role-to-an-idp-group). + +1. If you are not already signed in, sign in to your Unstructured account. +2. In the top navigation bar, ... + +## Change an account role for an IdP group + +This procedure assumes you have already assigned an account role to the IdP group. [Learn how](#assign-an-account-role-to-an-idp-group). + +1. If you are not already signed in, sign in to your Unstructured account. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that the IdP group belongs to. + +## Add an individual user to your Unstructured account + +1. If you are not already signed in, sign in to your Unstructured account. +2. In the top navigation bar, ... + +## Assign an account role to an individual user + + + An account role that is assigned to an individual user always overrides any account role that is assigned to any IdP group to which that user belongs. + This override happens the next time they sign in to your Unstructured account. + + +This procedure assumes you have already added the individual user to your Unstructured account. [Learn how](#assign-an-individual-user-to-your-unstructured-account). + +1. If you are not already signed in, sign in to your Unstructured account. +2. In the top navigation bar, ... + +## Assign a workspace role to an individual user + + + A workspace role that is assigned to an individual user always overrides any workspace role that is assigned to any IdP group to which that user belongs. + This override happens the next time they sign in to your Unstructured account. + + +This procedure assumes you have already added the individual user to your Unstructured account. [Learn how](#assign-an-individual-user-to-your-unstructured-account). + +1. If you are not already signed in, sign in to your Unstructured account. +2. In the top navigation bar, ... + +## Remove a workspace role from an individual user + + + After you remove a workspace role from an individaul user, any workspace role that is assigned to any IdP group to which that user belongs will then be applied. + This happens the next time they sign in to your Unstructured account. + + +This procedure assumes you have already assigned a workspace role to the individual user. [Learn how](#assign-a-workspace-role-to-an-individual-user). + +1. If you are not already signed in, sign in to your Unstructured account. +2. In the top navigation bar, ... + +## Remove an account role from an individual user + + + After you remove an account role from an individaul user, any account role that is assigned to any IdP group to which that user belongs will then be applied. + This happens the next time they sign in to your Unstructured account. + + +This procedure assumes you have already assigned an account role to the individual user. [Learn how](#assign-an-account-role-to-an-individual-user). + +1. If you are not already signed in, sign in to your Unstructured account. +2. In the top navigation bar, ... + +## Remove a workspace role from an IdP group + +This procedure assumes you have already assigned a workspace role to the IdP group. [Learn how](#assign-a-workspace-role-to-an-idp-group). + +1. If you are not already signed in, sign in to your Unstructured account. +2. In the top navigation bar, ... + +## Remove an account role from an IdP group + +This procedure assumes you have already assigned an account role to the IdP group. [Learn how](#assign-an-account-role-to-an-idp-group). + +1. If you are not already signed in, sign in to your Unstructured account. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that the IdP group belongs to. + + +## Remove an IdP group from your Unstructured account + +This procedure assumes you have already added the IdP group to your Unstructured account. [Learn how](#add-an-idp-group-to-your-unstructured-account). + +1. If you are not already signed in, sign in to your Unstructured account. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that the IdP group belongs to. + From 9b9c9dcfc1dbca36217a2faf721ca4f94bb37ac4 Mon Sep 17 00:00:00 2001 From: Paul Cornell Date: Tue, 14 Oct 2025 11:43:27 -0700 Subject: [PATCH 2/7] Added more content based on design spec --- enterprise/idp/overview.mdx | 2 +- enterprise/idp/ui.mdx | 176 +++++++++++++++++++++++------------- 2 files changed, 116 insertions(+), 62 deletions(-) diff --git a/enterprise/idp/overview.mdx b/enterprise/idp/overview.mdx index b7c0103c..d9451735 100644 --- a/enterprise/idp/overview.mdx +++ b/enterprise/idp/overview.mdx @@ -35,7 +35,7 @@ at the account level and for each of your account's workspaces. ## Roles -_Roles_ are the sets of permissions that Unstructured can assign to your IdP groups—as well as to individual users within your Unstructed account, if needed— through +_Roles_ are the sets of permissions that Unstructured can assign to your IdP groups—as well as to individual users separately within your Unstructed account, if needed— through a common security best-practice technique called _role-based access control_ (RBAC). Unstructured has two kinds of roles: - **Account roles**: These roles include **Super Administrator**, **Account Member**, and **Billing Administrator**. They apply at the account level. diff --git a/enterprise/idp/ui.mdx b/enterprise/idp/ui.mdx index f7a85095..9d6f5adc 100644 --- a/enterprise/idp/ui.mdx +++ b/enterprise/idp/ui.mdx @@ -16,125 +16,179 @@ For more information, see [Getting started](/enterprise/idp/overview#getting-sta 1. If you are not already signed in, sign in to your Unstructured account. 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that you want to add the IdP group to. +3. TODO: Describe how to go to the account's **Identity Provider Groups** page. +4. Click **New Group**. +5. On the **Connect Group** page, for **Identity Provider Group**, type the name of the IdP group that you want to add, and then click **Continue**. -You can now assign roles to your newly added IdP group. These roles set the appropriate level of access by your -IdP group to your Unstructured [account]() and to each of your account's [workspaces](). + + You must type the name of the IdP group exactly as it appears in your IdP. Otherwise, Unstructured will not be able to + successfully complete the connection to that IdP group through your IdP. + -## Assign an account role to an IdP group +6. On the **Assign Role** page, for **Account Role**,select the name of the [organizational account role](/ui/account/roles#organizational-account-roles) that you want to assign to the IdP group for this + organizational account, and then click **Continue**. +7. On the **Assign Workspaces** page, for **Workspaces and permissions**, select each workspace—and the + [workspace role](/ui/account/roles#workspace-roles) for that workspace—that you want to assign to the IdP group, and then click **Add**. -This procedure assumes you have already added the IdP group to your Unstructured account. [Learn how](#add-an-idp-group-to-your-unstructured-account). + + You can also create a new workspace here—and assign the IdP group to it with a workspace role at the same time—by clicking **Add Workspace**. + -1. If you are not already signed in, sign in to your Unstructured account. -2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that the IdP group belongs to. +8. Click **Save Group**. -The account role's permissions are enabled for each of the IdP group's existing users the next time they sign in to your -Unstructured account. Whenever you add a user to the IdP group, they get the associated account role's permissions the next time they -sign in. If a user is already signed in but is not getting the permissions they expect, the user should try signing out and then signing back in again. -If you remove a user from the IdP group, the associated account role's permissions are revoked for them the next time they sign in. +The account and workspace roles' permissions are enabled for each of the IdP group's existing users the next time they sign in to your +Unstructured account. -## Add an IdP group to a workspace +Whenever you add a user to the IdP group, they get the associated account and workspace roles' permissions the next time they +sign in to your Unstructured account. -This procedure assumes you have already added the IdP group to your Unstructured account. [Learn how](#add-an-idp-group-to-your-unstructured-account). +If a user is already signed in to your Unstructured account but is not getting the permissions they expect, the user should try signing out of your Unstructured account and then signing back in again, to get those permissions. -## Assign a workspace role to an IdP group +If you remove a user from the IdP group, the associated account and workspace roles' permissions are revoked for them the next time they sign in to your Unstructured account. + +## Add an IdP group to a workspace This procedure assumes you have already added the IdP group to your Unstructured account. [Learn how](#add-an-idp-group-to-your-unstructured-account). 1. If you are not already signed in, sign in to your Unstructured account. 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace. -3. In the workspace selector, select the name of the workspace that you want to add a member to. - -The workspace role's permissions are enabled for each of the IdP group's existing users the next time they sign in to your -Unstructured account. Whenever you add a user to the IdP group, they get the associated workspace role's permissions the next time they -sign in. If a user is already signed in but is not getting the permissions they expect, the user should try signing out and then signing back in again. -If you remove a user from the IdP group, the associated workspace role's permissions are revoked for them the next time they sign in. +3. In the top navigation bar, in the workspace selector, select the name of the workspace. +4. On the **Members** tab, click **Add New**, and then click **Add New IdP Group**. +5. Select the IdP group to add and its [workspace role](/ui/account/roles#workspace-roles) for this workspace, and then click **Save Changes**. ## Change a workspace role for an IdP group -This procedure assumes you have already assigned a workspace role to the IdP group. [Learn how](#assign-a-workspace-role-to-an-idp-group). +This procedure assumes you have already added the IdP group to your Unstructured account and the workspace within that account. [Learn how](#add-an-idp-group-to-your-unstructured-account). 1. If you are not already signed in, sign in to your Unstructured account. -2. In the top navigation bar, ... +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace. +3. In the top navigation bar, in the workspace selector, select the name of the workspace. +4. On the **Members** tab, click the ellipsis (three dots) next to the name of the IdP group. +5. Click **Edit Permissions**. +6. TODO: Describe how to finish changing the IdP group's workspace role. ## Change an account role for an IdP group -This procedure assumes you have already assigned an account role to the IdP group. [Learn how](#assign-an-account-role-to-an-idp-group). +This procedure assumes you have already added the IdP group to your Unstructured account. [Learn how](#add-an-idp-group-to-your-unstructured-account). 1. If you are not already signed in, sign in to your Unstructured account. -2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that the IdP group belongs to. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account. +3. TODO: Describe how to go to the account's **Identity Provider Groups** page. +4. Select the name of the IdP group. +5. Next to **Account Role**, click the edit (pencil) icon. +6. Select the new [organizational account role](/ui/account/roles#organizational-account-roles) for the IdP group. + +## Add individual users to your Unstructured account -## Add an individual user to your Unstructured account +Unstructured recommends that you add IdP groups to your Unstructured account, instead of adding individual users. +Managing IdP groups can be easier, faster, and less error-prone than managing individual users. +However, if you must add individual users to your Unstructured account, you can do so by following these steps. 1. If you are not already signed in, sign in to your Unstructured account. -2. In the top navigation bar, ... +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account. +3. On the **Members** tab, click **New Member**. +4. On the **Add Member** page, for **Email**, type the email address of each individual user to add, and then click **Continue**. +5. On the **Assign Role** page, for **Account Role**, select the [organizational account role](/ui/account/roles#organizational-account-roles) for the individual users, and then click **Continue**. -## Assign an account role to an individual user + + An organizational account role that is assigned to an individual user always overrides any organizational account role that is assigned to any IdP group to which that user belongs. + This override happens the next time they sign in to your Unstructured account. + - - An account role that is assigned to an individual user always overrides any account role that is assigned to any IdP group to which that user belongs. - This override happens the next time they sign in to your Unstructured account. - +6. On the **Assign Workspaces** page, for **Workspaces and permissions**, select each workspace—and the + [workspace role](/ui/account/roles#workspace-roles) for that workspace—that you want to assign to the individual users + for each workspace—and then click **Add**. -This procedure assumes you have already added the individual user to your Unstructured account. [Learn how](#assign-an-individual-user-to-your-unstructured-account). + + A workspace role that is assigned to an individual user always overrides any workspace role that is assigned to any IdP group to which that user belongs. + This override happens the next time they sign in to your Unstructured account. + -1. If you are not already signed in, sign in to your Unstructured account. -2. In the top navigation bar, ... + + You can also create a new workspace here—and assign individual users to it with a workspace role at the same time—by clicking **Add Workspace**. + + +7. Click **Invite Members**. -## Assign a workspace role to an individual user +## Change a workspace role for an individual user - - A workspace role that is assigned to an individual user always overrides any workspace role that is assigned to any IdP group to which that user belongs. - This override happens the next time they sign in to your Unstructured account. - +This procedure assumes you have already added the individual user to your Unstructured account and the workspace within that account. [Learn how](#add-individual-users-to-your-unstructured-account). -This procedure assumes you have already added the individual user to your Unstructured account. [Learn how](#assign-an-individual-user-to-your-unstructured-account). +1. If you are not already signed in, sign in to your Unstructured account. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account. +3. In the top navigation bar, in the workspace selector, select the name of the workspace. +4. On the **Members** tab, next to the user's email, click the ellipsis (three dots), and then click **Edit Permissions**. +5. Select the new [workspace role](/ui/account/roles#workspace-roles) for the user. + +## Change an account role for an individual user + +This procedure assumes you have already added the individual user to your Unstructured account. [Learn how](#add-individual-users-to-your-unstructured-account). 1. If you are not already signed in, sign in to your Unstructured account. -2. In the top navigation bar, ... +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account. +3. On the **Members** tab, click the user's email. +4. Select the new [organizational account role](/ui/account/roles#organizational-account-roles) for the user. + +## Remove an individual user from a workspace -## Remove a workspace role from an individual user +This procedure assumes you have already added the individual user to your Unstructured account and the workspace within that account. [Learn how](#add-individual-users-to-your-unstructured-account). - After you remove a workspace role from an individaul user, any workspace role that is assigned to any IdP group to which that user belongs will then be applied. + Removing an individual user from a workspace does not necessarily revoke all access to that workspace! + + After you remove an individual user from a workspace, any workspace role that is assigned to any IdP group to which that user belongs will then be applied. This happens the next time they sign in to your Unstructured account. -This procedure assumes you have already assigned a workspace role to the individual user. [Learn how](#assign-a-workspace-role-to-an-individual-user). +This procedure assumes you have already added the user to your Unstructured account and the workspace within that account. [Learn how](#add-individual-users-to-your-unstructured-account). 1. If you are not already signed in, sign in to your Unstructured account. -2. In the top navigation bar, ... +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace. +3. In the top navigation bar, in the workspace selector, select the name of the workspace. +4. On the **Members** tab, next to the user's email, click the ellipsis (three dots), and then click **Remove Member**. + +## Remove an individual user from an account -## Remove an account role from an individual user +This procedure assumes you have already added the individual user to your Unstructured account. [Learn how](#add-individual-users-to-your-unstructured-account). - After you remove an account role from an individaul user, any account role that is assigned to any IdP group to which that user belongs will then be applied. + Removing an individual user from an account does not necessarily revoke all access to that account! + + After you remove an indivdual user from an account, any account role that is assigned to any IdP group to which that user belongs will then be applied. This happens the next time they sign in to your Unstructured account. -This procedure assumes you have already assigned an account role to the individual user. [Learn how](#assign-an-account-role-to-an-individual-user). +This procedure assumes you have already assigned the user to the account. [Learn how](#assign-an-account-role-to-an-individual-user). 1. If you are not already signed in, sign in to your Unstructured account. -2. In the top navigation bar, ... - -## Remove a workspace role from an IdP group +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account. +3. On the **Members** tab, next to the user's email, click the ellipsis (three dots), and then click **Remove Member**. -This procedure assumes you have already assigned a workspace role to the IdP group. [Learn how](#assign-a-workspace-role-to-an-idp-group). +## Remove an IdP group from a workspace -1. If you are not already signed in, sign in to your Unstructured account. -2. In the top navigation bar, ... - -## Remove an account role from an IdP group +This procedure assumes you have already added the IdP group to your Unstructured account and the workspace within that account. [Learn how](#add-an-idp-group-to-your-unstructured-account). -This procedure assumes you have already assigned an account role to the IdP group. [Learn how](#assign-an-account-role-to-an-idp-group). + + After you remove an IdP group from a workspace, all users in that group will lose access to the workspace. + This happens the next time they sign in to your Unstructured account. + 1. If you are not already signed in, sign in to your Unstructured account. -2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that the IdP group belongs to. - +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account. +3. In the top navigation bar, in the workspace selector, select the name of the workspace. +4. On the **Members** tab, next to the IdP group's name, click the ellipsis (three dots), and then click **Remove Member**. -## Remove an IdP group from your Unstructured account +## Remove an IdP group from an account This procedure assumes you have already added the IdP group to your Unstructured account. [Learn how](#add-an-idp-group-to-your-unstructured-account). -1. If you are not already signed in, sign in to your Unstructured account. -2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that the IdP group belongs to. + + After you remove an IdP group from an account, all users in that group will lose access to your Unstructured account. + This happens the next time they sign in to your Unstructured account. + +1. If you are not already signed in, sign in to your Unstructured account. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account. +3. TODO: Describe how to go to the account's **Identity Provider Groups** page. +4. Select the name of the IdP group. +5. Click **Delete Group**. From 0e76d607622449941400237a5d7e0e6ada6f30e3 Mon Sep 17 00:00:00 2001 From: Paul Cornell Date: Mon, 17 Nov 2025 14:55:43 -0800 Subject: [PATCH 3/7] More IdP how-to steps based on Loom video --- enterprise/idp/ui.mdx | 120 ++++++++++++++++++++++++------------------ 1 file changed, 70 insertions(+), 50 deletions(-) diff --git a/enterprise/idp/ui.mdx b/enterprise/idp/ui.mdx index 9d6f5adc..94dd500b 100644 --- a/enterprise/idp/ui.mdx +++ b/enterprise/idp/ui.mdx @@ -4,47 +4,49 @@ sidebarTitle: UI --- - The following information applies only to dedicated instance and in-VPC deployments of [Unstructured Enterprise](/enterprise/overview). + The following information applies only to dedicated instance and in-VPC deployments of [Unstructured Business](/business/overview). - IdP integration is not available for Unstructured **Starter** or **Team** accounts. + IdP integration is not available for **Business SaaS** accounts. The following information assumes that Unstructured has already connected your organization's IdP to your Unstructured account. -For more information, see [Getting started](/enterprise/idp/overview#getting-started). +For more information, see [Getting started](/business/idp/overview#getting-started). -## Add an IdP group to your Unstructured account +## Add an IdP group to an organizational account 1. If you are not already signed in, sign in to your Unstructured account. 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that you want to add the IdP group to. -3. TODO: Describe how to go to the account's **Identity Provider Groups** page. -4. Click **New Group**. -5. On the **Connect Group** page, for **Identity Provider Group**, type the name of the IdP group that you want to add, and then click **Continue**. +3. In the sidebar, above your user icon, click the **Settings** (gear) icon, and then click **Manage Account**. +4. In the top navigation bar, click **IdP Groups**. +5. Click **+ New Group**. +6. On the **Connect Group** page, for **Identity Provider Group**, type the name of the IdP group that you want to add, and then click **Continue**. You must type the name of the IdP group exactly as it appears in your IdP. Otherwise, Unstructured will not be able to successfully complete the connection to that IdP group through your IdP. -6. On the **Assign Role** page, for **Account Role**,select the name of the [organizational account role](/ui/account/roles#organizational-account-roles) that you want to assign to the IdP group for this +7. On the **Assign Account Role** page, for **Account Role**, select the name of the [organizational account role](/ui/account/roles#organizational-account-roles) that you want to assign to the IdP group for this organizational account, and then click **Continue**. -7. On the **Assign Workspaces** page, for **Workspaces and permissions**, select each workspace—and the +8. On the **Assign Workspaces** page, for **Workspaces and permissions**, select each workspace—and the [workspace role](/ui/account/roles#workspace-roles) for that workspace—that you want to assign to the IdP group, and then click **Add**. - - You can also create a new workspace here—and assign the IdP group to it with a workspace role at the same time—by clicking **Add Workspace**. - + + The **Assign Workspaces** page does not apply if the IdP group is assigned the **Super Administrator** organizational account role. + This is because an IdP group with the **Super Administrator** role automatically has full access to all of the organizational account's workspaces. + -8. Click **Save Group**. +9. Click **Save Group**. -The account and workspace roles' permissions are enabled for each of the IdP group's existing users the next time they sign in to your -Unstructured account. +The organizational account and workspaces' roles' permissions are enabled for each of the IdP group's existing users the first (or next) time they sign in to your Unstructured account and then choose +this organizational account. Whenever you add a user to the IdP group, they get the associated account and workspace roles' permissions the next time they -sign in to your Unstructured account. +sign in to your Unstructured account and then choose this organizational account. -If a user is already signed in to your Unstructured account but is not getting the permissions they expect, the user should try signing out of your Unstructured account and then signing back in again, to get those permissions. +If a user is already signed in to your Unstructured account and has chosen this organizational account, but they are not getting the permissions they expect, the user should try signing out of your Unstructured account and then signing back in and choosing this organizational account again, to get those permissions. -If you remove a user from the IdP group, the associated account and workspace roles' permissions are revoked for them the next time they sign in to your Unstructured account. +If you remove a user from the IdP group, the associated account and workspace roles' permissions are revoked for them the next time they sign in to your Unstructured account and then choose this organizational account. An exception to this is if the user was otherwise [added as an individual user to the account](#add-individual-users-to-an-account). ## Add an IdP group to a workspace @@ -53,7 +55,7 @@ This procedure assumes you have already added the IdP group to your Unstructured 1. If you are not already signed in, sign in to your Unstructured account. 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace. 3. In the top navigation bar, in the workspace selector, select the name of the workspace. -4. On the **Members** tab, click **Add New**, and then click **Add New IdP Group**. +4. On the **Members** tab, click **Add New +**, and then click **+ Add Group**. 5. Select the IdP group to add and its [workspace role](/ui/account/roles#workspace-roles) for this workspace, and then click **Save Changes**. ## Change a workspace role for an IdP group @@ -65,7 +67,7 @@ This procedure assumes you have already added the IdP group to your Unstructured 3. In the top navigation bar, in the workspace selector, select the name of the workspace. 4. On the **Members** tab, click the ellipsis (three dots) next to the name of the IdP group. 5. Click **Edit Permissions**. -6. TODO: Describe how to finish changing the IdP group's workspace role. +6. Select the IdP group's new workspace role, and then click **Continue**. ## Change an account role for an IdP group @@ -73,42 +75,55 @@ This procedure assumes you have already added the IdP group to your Unstructured 1. If you are not already signed in, sign in to your Unstructured account. 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account. -3. TODO: Describe how to go to the account's **Identity Provider Groups** page. -4. Select the name of the IdP group. -5. Next to **Account Role**, click the edit (pencil) icon. -6. Select the new [organizational account role](/ui/account/roles#organizational-account-roles) for the IdP group. +3. In the sidebar, above your user icon, click the **Settings** (gear) icon, and then click **Manage Account**. +4. In the top navigation bar, click **IdP Groups**. +5. Click the name of the IdP group. +6. Next to **Account Role**, click the edit (pencil) icon. +7. Select the new [organizational account role](/ui/account/roles#organizational-account-roles) for the IdP group. -## Add individual users to your Unstructured account +## Add individual users to an account -Unstructured recommends that you add IdP groups to your Unstructured account, instead of adding individual users. +Unstructured recommends that you add IdP groups to an organizational account, instead of adding individual users. Managing IdP groups can be easier, faster, and less error-prone than managing individual users. -However, if you must add individual users to your Unstructured account, you can do so by following these steps. +However, if you must add individual users to an organizational account (for example, if you want to give a user +access to an organizational account at a different level than the access that is granted to them through their IdP groups), +you can do so by following these steps. 1. If you are not already signed in, sign in to your Unstructured account. 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account. -3. On the **Members** tab, click **New Member**. -4. On the **Add Member** page, for **Email**, type the email address of each individual user to add, and then click **Continue**. -5. On the **Assign Role** page, for **Account Role**, select the [organizational account role](/ui/account/roles#organizational-account-roles) for the individual users, and then click **Continue**. +3. In the sidebar, above your user icon, click the **Settings** (gear) icon, and then click **Manage Account**. +3. On the **Members** tab, click **New Member +**. +4. On the **Add New Member** page, for **Email**, type the email address of each individual user to add. +5. For all of the email addresses that you typed, select the [organizational account role](/ui/account/roles#organizational-account-roles) for all of the individual users at once, and then click **Continue**. An organizational account role that is assigned to an individual user always overrides any organizational account role that is assigned to any IdP group to which that user belongs. - This override happens the next time they sign in to your Unstructured account. + This override happens the next time they sign in to your Unstructured account and then choose this organizational account. -6. On the **Assign Workspaces** page, for **Workspaces and permissions**, select each workspace—and the - [workspace role](/ui/account/roles#workspace-roles) for that workspace—that you want to assign to the individual users - for each workspace—and then click **Add**. +6. Click **Continue**. + +## Add individual users to a workspace + +Unstructured recommends that you add IdP groups to your workspaces, instead of adding individual users. +Managing IdP groups can be easier, faster, and less error-prone than managing individual users. +However, if you must add individual users to workspaces (for example, if you want to give a user +access to workspaces at a different level than the access than is granted to them through their IdP groups), +you can do so by following these steps. + +1. If you are not already signed in, sign in to your Unstructured account. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace. +3. In the top navigation bar, in the workspace selector, select the name of the workspace. +4. On the **Members** tab, click **Add New+**, and then click **+ Add Member**. +5. On the **Add New Member** page, for **Email**, type the email address of each individual user to add. +6. For all of the email addresses that you typed, select the [workspace role](/ui/account/roles#workspace-roles) for all of the individual users at once, and then click **Continue**. A workspace role that is assigned to an individual user always overrides any workspace role that is assigned to any IdP group to which that user belongs. - This override happens the next time they sign in to your Unstructured account. + This override happens the next time they sign in to your Unstructured account and then choose this organizational account. - - You can also create a new workspace here—and assign individual users to it with a workspace role at the same time—by clicking **Add Workspace**. - - -7. Click **Invite Members**. +7. Click **Continue**. ## Change a workspace role for an individual user @@ -133,12 +148,12 @@ This procedure assumes you have already added the individual user to your Unstru This procedure assumes you have already added the individual user to your Unstructured account and the workspace within that account. [Learn how](#add-individual-users-to-your-unstructured-account). - + Removing an individual user from a workspace does not necessarily revoke all access to that workspace! After you remove an individual user from a workspace, any workspace role that is assigned to any IdP group to which that user belongs will then be applied. This happens the next time they sign in to your Unstructured account. - + This procedure assumes you have already added the user to your Unstructured account and the workspace within that account. [Learn how](#add-individual-users-to-your-unstructured-account). @@ -151,12 +166,12 @@ This procedure assumes you have already added the user to your Unstructured acco This procedure assumes you have already added the individual user to your Unstructured account. [Learn how](#add-individual-users-to-your-unstructured-account). - + Removing an individual user from an account does not necessarily revoke all access to that account! After you remove an indivdual user from an account, any account role that is assigned to any IdP group to which that user belongs will then be applied. This happens the next time they sign in to your Unstructured account. - + This procedure assumes you have already assigned the user to the account. [Learn how](#assign-an-account-role-to-an-individual-user). @@ -182,13 +197,18 @@ This procedure assumes you have already added the IdP group to your Unstructured This procedure assumes you have already added the IdP group to your Unstructured account. [Learn how](#add-an-idp-group-to-your-unstructured-account). - - After you remove an IdP group from an account, all users in that group will lose access to your Unstructured account. + + After you remove an IdP group from an account, all users in that group will lose access to your Unstructured account the next time they sign in + to your Unstructured account and then choose this organizational account. + unless + they were otherwise [add as individual users to the account]() . + This happens the next time they sign in to your Unstructured account. - + 1. If you are not already signed in, sign in to your Unstructured account. 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account. -3. TODO: Describe how to go to the account's **Identity Provider Groups** page. -4. Select the name of the IdP group. -5. Click **Delete Group**. +3. In the sidebar, above your user icon, click the **Settings** (gear) icon, and then click **Manage Account**. +4. In the top navigation bar, click **IdP Groups**. +5. Click the name of the IdP group. +6. In the settings pane, click **Delete Group**. From 846257a282f7d2dc2e4ce0315dd901e1e1203428 Mon Sep 17 00:00:00 2001 From: Paul Cornell Date: Tue, 18 Nov 2025 10:14:27 -0800 Subject: [PATCH 4/7] Enterprise -> Business --- README.md | 2 +- {enterprise => business}/aws/onboard.mdx | 2 +- {enterprise => business}/aws/overview.mdx | 4 ++-- {enterprise => business}/azure/onboard.mdx | 2 +- {enterprise => business}/azure/overview.mdx | 4 ++-- .../bare-metal/onboard.mdx | 2 +- .../bare-metal/overview.mdx | 4 ++-- {enterprise => business}/gcp/onboard.mdx | 2 +- {enterprise => business}/gcp/overview.mdx | 4 ++-- {enterprise => business}/idp/overview.mdx | 4 ++-- {enterprise => business}/idp/ui.mdx | 0 {enterprise => business}/overview.mdx | 4 ++-- .../security-compliance/overview.mdx | 0 docs.json | 24 +++++++++---------- .../general-shared-text/s3-ambient-creds.mdx | 2 +- support/request.mdx | 2 +- 16 files changed, 31 insertions(+), 31 deletions(-) rename {enterprise => business}/aws/onboard.mdx (99%) rename {enterprise => business}/aws/overview.mdx (92%) rename {enterprise => business}/azure/onboard.mdx (99%) rename {enterprise => business}/azure/overview.mdx (92%) rename {enterprise => business}/bare-metal/onboard.mdx (95%) rename {enterprise => business}/bare-metal/overview.mdx (91%) rename {enterprise => business}/gcp/onboard.mdx (99%) rename {enterprise => business}/gcp/overview.mdx (92%) rename {enterprise => business}/idp/overview.mdx (95%) rename {enterprise => business}/idp/ui.mdx (100%) rename {enterprise => business}/overview.mdx (95%) rename {enterprise => business}/security-compliance/overview.mdx (100%) diff --git a/README.md b/README.md index fff713ef..3a0b7c2d 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ This repo hosts documentation for: * [Unstructured Open Source Library](https://github.com/Unstructured-IO/unstructured) * [Unstructured APIs](https://unstructured.io/api-key-hosted) -* [Unstructured Enterprise platform](https://unstructured.io/platform) +* [Unstructured Business platform](https://unstructured.io/platform) 👉 Looking for the live documentation site powered by this repo? Visit [docs.unstructured.io](https://docs.unstructured.io/) diff --git a/enterprise/aws/onboard.mdx b/business/aws/onboard.mdx similarity index 99% rename from enterprise/aws/onboard.mdx rename to business/aws/onboard.mdx index 1c2970b2..53d00387 100644 --- a/enterprise/aws/onboard.mdx +++ b/business/aws/onboard.mdx @@ -4,7 +4,7 @@ sidebarTitle: Onboarding --- - The following information applies only to in-VPC deployments of [Unstructured Enterprise](/enterprise/overview). + The following information applies only to in-VPC deployments of [Unstructured Enterprise](/business/overview). For dedicated instance deployments of Unstructured Enterprise, contact your Unstructured sales representative, or email Unstructured Sales at [sales@unstructured.io](mailto:sales@unstructured.io). diff --git a/enterprise/aws/overview.mdx b/business/aws/overview.mdx similarity index 92% rename from enterprise/aws/overview.mdx rename to business/aws/overview.mdx index 1e1b7380..658f3ef3 100644 --- a/enterprise/aws/overview.mdx +++ b/business/aws/overview.mdx @@ -4,7 +4,7 @@ sidebarTitle: Overview --- - The following information applies only to in-VPC deployments of [Unstructured Enterprise](/enterprise/overview). + The following information applies only to in-VPC deployments of [Unstructured Enterprise](/business/overview). For dedicated instance deployments of Unstructured Enterprise, contact your Unstructured sales representative, or email Unstructured Sales at [sales@unstructured.io](mailto:sales@unstructured.io). @@ -19,7 +19,7 @@ To begin the Enterprise agreement process, contact your Unstructured sales repre After your organization has signed the Enterprise agreement, a member of the Unstructured technical enablement team will reach out to you to begin the deployment onboarding process. To streamline this process, you are encouraged to begin setting up your target environment as soon as possible. To do this, -see the [onboarding checkist](/enterprise/aws/onboard). +see the [onboarding checkist](/business/aws/onboard). ## Questions? Need help? diff --git a/enterprise/azure/onboard.mdx b/business/azure/onboard.mdx similarity index 99% rename from enterprise/azure/onboard.mdx rename to business/azure/onboard.mdx index d1eebcba..f6862f50 100644 --- a/enterprise/azure/onboard.mdx +++ b/business/azure/onboard.mdx @@ -4,7 +4,7 @@ sidebarTitle: Onboarding --- - The following information applies only to in-VPC deployments of [Unstructured Enterprise](/enterprise/overview). + The following information applies only to in-VPC deployments of [Unstructured Enterprise](/business/overview). For dedicated instance deployments of Unstructured Enterprise, contact your Unstructured sales representative, or email Unstructured Sales at [sales@unstructured.io](mailto:sales@unstructured.io). diff --git a/enterprise/azure/overview.mdx b/business/azure/overview.mdx similarity index 92% rename from enterprise/azure/overview.mdx rename to business/azure/overview.mdx index aa091f0d..83fd4a0d 100644 --- a/enterprise/azure/overview.mdx +++ b/business/azure/overview.mdx @@ -4,7 +4,7 @@ sidebarTitle: Overview --- - The following information applies only to in-VPC deployments of [Unstructured Enterprise](/enterprise/overview). + The following information applies only to in-VPC deployments of [Unstructured Enterprise](/business/overview). For dedicated instance deployments of Unstructured Enterprise, contact your Unstructured sales representative, or email Unstructured Sales at [sales@unstructured.io](mailto:sales@unstructured.io). @@ -19,7 +19,7 @@ To begin the Enterprise agreement process, contact your Unstructured sales repre After your organization has signed the Enterprise agreement, a member of the Unstructured technical enablement team will reach out to you to begin the deployment onboarding process. To streamline this process, you are encouraged to begin setting up your target environment as soon as possible. To do this, -see the [onboarding checkist](/enterprise/azure/onboard). +see the [onboarding checkist](/business/azure/onboard). ## Questions? Need help? diff --git a/enterprise/bare-metal/onboard.mdx b/business/bare-metal/onboard.mdx similarity index 95% rename from enterprise/bare-metal/onboard.mdx rename to business/bare-metal/onboard.mdx index 50b390ff..eb2d7a63 100644 --- a/enterprise/bare-metal/onboard.mdx +++ b/business/bare-metal/onboard.mdx @@ -4,7 +4,7 @@ sidebarTitle: Onboarding --- - The following information applies only to bare metal deployments of [Unstructured Enterprise](/enterprise/overview). + The following information applies only to bare metal deployments of [Unstructured Enterprise](/business/overview). For dedicated instance or in-VPC deployments of Unstructured Enterprise, contact your Unstructured sales representative, or email Unstructured Sales at [sales@unstructured.io](mailto:sales@unstructured.io). diff --git a/enterprise/bare-metal/overview.mdx b/business/bare-metal/overview.mdx similarity index 91% rename from enterprise/bare-metal/overview.mdx rename to business/bare-metal/overview.mdx index d0c956bc..b4a35ad4 100644 --- a/enterprise/bare-metal/overview.mdx +++ b/business/bare-metal/overview.mdx @@ -4,7 +4,7 @@ sidebarTitle: Overview --- - The following information applies only to bare metal deployments of [Unstructured Enterprise](/enterprise/overview). + The following information applies only to bare metal deployments of [Unstructured Enterprise](/business/overview). For dedicated instance or in-VPC deployments of Unstructured Enterprise, contact your Unstructured sales representative, or email Unstructured Sales at [sales@unstructured.io](mailto:sales@unstructured.io). @@ -19,7 +19,7 @@ To begin the bare metal agreement process, contact your Unstructured sales repre After your organization has signed the bare metal agreement, a member of the Unstructured technical enablement team will reach out to you to begin the deployment onboarding process. To streamline this process, you are encouraged to begin setting up your target environment as soon as possible. To do this, -see the [onboarding checkist](/enterprise/bare-metal/onboard). +see the [onboarding checkist](/business/bare-metal/onboard). ## Questions? Need help? diff --git a/enterprise/gcp/onboard.mdx b/business/gcp/onboard.mdx similarity index 99% rename from enterprise/gcp/onboard.mdx rename to business/gcp/onboard.mdx index 7f596974..3e2d2fa7 100644 --- a/enterprise/gcp/onboard.mdx +++ b/business/gcp/onboard.mdx @@ -4,7 +4,7 @@ sidebarTitle: Onboarding --- - The following information applies only to in-VPC deployments of [Unstructured Enterprise](/enterprise/overview). + The following information applies only to in-VPC deployments of [Unstructured Enterprise](/business/overview). For dedicated instance deployments of Unstructured Enterprise, contact your Unstructured sales representative, or email Unstructured Sales at [sales@unstructured.io](mailto:sales@unstructured.io). diff --git a/enterprise/gcp/overview.mdx b/business/gcp/overview.mdx similarity index 92% rename from enterprise/gcp/overview.mdx rename to business/gcp/overview.mdx index b79c4f12..b792329a 100644 --- a/enterprise/gcp/overview.mdx +++ b/business/gcp/overview.mdx @@ -4,7 +4,7 @@ sidebarTitle: Overview --- - The following information applies only to in-VPC deployments of [Unstructured Enterprise](/enterprise/overview). + The following information applies only to in-VPC deployments of [Unstructured Enterprise](/business/overview). For dedicated instance deployments of Unstructured Enterprise, contact your Unstructured sales representative, or email Unstructured Sales at [sales@unstructured.io](mailto:sales@unstructured.io). @@ -19,7 +19,7 @@ To begin the Enterprise agreement process, contact your Unstructured sales repre After your organization has signed the Enterprise agreement, a member of the Unstructured technical enablement team will reach out to you to begin the deployment onboarding process. To streamline this process, you are encouraged to begin setting up your target environment as soon as possible. To do this, -see the [onboarding checkist](/enterprise/gcp/onboard). +see the [onboarding checkist](/business/gcp/onboard). ## Questions? Need help? diff --git a/enterprise/idp/overview.mdx b/business/idp/overview.mdx similarity index 95% rename from enterprise/idp/overview.mdx rename to business/idp/overview.mdx index d9451735..79a3ff6f 100644 --- a/enterprise/idp/overview.mdx +++ b/business/idp/overview.mdx @@ -4,7 +4,7 @@ sidebarTitle: Overview --- - The following information applies only to dedicated instance and in-VPC deployments of [Unstructured Enterprise](/enterprise/overview). + The following information applies only to dedicated instance and in-VPC deployments of [Unstructured Enterprise](/business/overview). IdP integration is not available for Unstructured **Starter** or **Team** accounts. @@ -54,4 +54,4 @@ email Unstructured Support at [support@unstructured.io](mailto:support@unstructu After Unstructured has connected your organization's IdP to your Unstructured account, you can manage access by your IdP groups and individual users to your Unstructured account and its workspaces. To do this, you can use your Unstructured account's user interface (UI). For details, see -[IdP management with the Unstructured UI](/enterprise/idp/ui). \ No newline at end of file +[IdP management with the Unstructured UI](/business/idp/ui). \ No newline at end of file diff --git a/enterprise/idp/ui.mdx b/business/idp/ui.mdx similarity index 100% rename from enterprise/idp/ui.mdx rename to business/idp/ui.mdx diff --git a/enterprise/overview.mdx b/business/overview.mdx similarity index 95% rename from enterprise/overview.mdx rename to business/overview.mdx index 7a64c025..1304d214 100644 --- a/enterprise/overview.mdx +++ b/business/overview.mdx @@ -36,8 +36,8 @@ deployment onboarding process. the Unstructured UI, along with any next steps that you need to take. - For an in-VPC deployment, your organization will work with a member of the Unstructured technical enablement team to deploy Unstructured into your own cloud instrastructure. You are encouraged to begin setting up your target environment as soon as possible. To do this, - see the onboarding requirements for your [AWS](/enterprise/aws/onboard), [Azure](/enterprise/azure/onboard), or - [GCP](/enterprise/gcp/onboard) account. + see the onboarding requirements for your [AWS](/business/aws/onboard), [Azure](/business/azure/onboard), or + [GCP](/business/gcp/onboard) account. ## Questions? Need help? diff --git a/enterprise/security-compliance/overview.mdx b/business/security-compliance/overview.mdx similarity index 100% rename from enterprise/security-compliance/overview.mdx rename to business/security-compliance/overview.mdx diff --git a/docs.json b/docs.json index a6ca10de..c65c7a42 100644 --- a/docs.json +++ b/docs.json @@ -303,46 +303,46 @@ ] }, { - "tab": "Enterprise", + "tab": "Business", "groups": [ { - "group": "Enterprise", + "group": "Business", "pages": [ - "enterprise/overview" + "business/overview" ] }, { "group": "Security and compliance", "pages": [ - "enterprise/security-compliance/overview" + "business/security-compliance/overview" ] }, { "group": "IdP integration", "pages": [ - "enterprise/idp/overview", - "enterprise/idp/ui" + "business/idp/overview", + "business/idp/ui" ] }, { "group": "AWS", "pages": [ - "enterprise/aws/overview", - "enterprise/aws/onboard" + "business/aws/overview", + "business/aws/onboard" ] }, { "group": "Azure", "pages": [ - "enterprise/azure/overview", - "enterprise/azure/onboard" + "business/azure/overview", + "business/azure/onboard" ] }, { "group": "GCP", "pages": [ - "enterprise/gcp/overview", - "enterprise/gcp/onboard" + "business/gcp/overview", + "business/gcp/onboard" ] } ] diff --git a/snippets/general-shared-text/s3-ambient-creds.mdx b/snippets/general-shared-text/s3-ambient-creds.mdx index 5a60bd44..843455de 100644 --- a/snippets/general-shared-text/s3-ambient-creds.mdx +++ b/snippets/general-shared-text/s3-ambient-creds.mdx @@ -1,5 +1,5 @@ - The following information applies to [Unstructured Enterprise](/enterprise/overview) accounts only. + The following information applies to [Unstructured Enterprise](/business/overview) accounts only. Unstructured Enterprise accounts support the Federal Information Processing Standard (FIPS) for diff --git a/support/request.mdx b/support/request.mdx index 0de1785d..95ce1d36 100644 --- a/support/request.mdx +++ b/support/request.mdx @@ -10,7 +10,7 @@ To request support, do the following: - For Unstructured software-as-a-service (Saas) accounts, including legacy pay-as-you-go, [Starter](https://unstructured.io/pricing) and [Team](https://unstructured.io/pricing) accounts, email Unstructured Support at [support@unstructured.io](mailto:support@unstructured.io).* -- For Unstructured [Enterprise](/enterprise/overview) accounts, including dedicated instance and in-VPC accounts, +- For Unstructured [Enterprise](/business/overview) accounts, including dedicated instance and in-VPC accounts, contact your assigned Unstructured Account Executive (AE) or Customer Success Manager (CSM) for access to your dedicated Customer Support Portal. If you do not know who your assigned AE or CSM is, From fbceb7741ef05947c63677665b9343f8fe3201e0 Mon Sep 17 00:00:00 2001 From: Paul Cornell Date: Tue, 18 Nov 2025 13:54:56 -0800 Subject: [PATCH 5/7] More minor updates for IdP --- business/idp/ui.mdx | 92 ++++++++++++++++++++++++++++++++------------- 1 file changed, 65 insertions(+), 27 deletions(-) diff --git a/business/idp/ui.mdx b/business/idp/ui.mdx index 93e33d15..cb2b1265 100644 --- a/business/idp/ui.mdx +++ b/business/idp/ui.mdx @@ -53,8 +53,14 @@ If you remove a user from the IdP group, the associated account and workspace ro This procedure assumes you have already added the IdP group to your Unstructured account. [Learn how](#add-an-idp-group-to-your-unstructured-account). 1. If you are not already signed in, sign in to your Unstructured account. -2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace. -3. In the top navigation bar, in the workspace selector, select the name of the workspace. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace you want to add the IdP group to. +3. In the top navigation bar, in the workspace selector, select the name of the workspace you want to add the IdP group to. + + + If the workspace selector is not showing next to the organizational account selector then, in the top navigation bar, + click the **Workspaces** tab, and then click the name of the workspace you want to add the IdP group to. + + 4. On the **Members** tab, click **Add New +**, and then click **+ Add Group**. 5. Select the IdP group to add and its [workspace role](/ui/account/roles#workspace-roles) for this workspace, and then click **Save Changes**. @@ -63,23 +69,29 @@ This procedure assumes you have already added the IdP group to your Unstructured This procedure assumes you have already added the IdP group to your Unstructured account and the workspace within that account. [Learn how](#add-an-idp-group-to-your-unstructured-account). 1. If you are not already signed in, sign in to your Unstructured account. -2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace. -3. In the top navigation bar, in the workspace selector, select the name of the workspace. -4. On the **Members** tab, click the ellipsis (three dots) next to the name of the IdP group. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace that refers to the IdP group whose role you want to change. +3. In the top navigation bar, in the workspace selector, select the name of the workspace that refers to the IdP group whose role you want to change. + + + If the workspace selector is not showing next to the organizational account selector then, in the top navigation bar, + click the **Workspaces** tab, and then click the name of the workspace that refers to the IdP group whose role you want to change. + + +4. On the **Members** tab, click the ellipsis (three dots) next to the name of the IdP group whose workspace role you want to change. 5. Click **Edit Permissions**. -6. Select the IdP group's new workspace role, and then click **Continue**. +6. Select the IdP group's new [workspace role](/ui/account/roles#workspace-roles) for this workspace, and then click **Continue**. ## Change an account role for an IdP group This procedure assumes you have already added the IdP group to your Unstructured account. [Learn how](#add-an-idp-group-to-your-unstructured-account). 1. If you are not already signed in, sign in to your Unstructured account. -2. In the top navigation bar, in the organizational account selector, select the name of the organizational account. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the IdP group whose organizational account role you want to change. 3. In the sidebar, above your user icon, click the **Settings** (gear) icon, and then click **Manage Account**. 4. In the top navigation bar, click **IdP Groups**. -5. Click the name of the IdP group. +5. Click the name of the IdP group whose organizational account role you want to change. 6. Next to **Account Role**, click the edit (pencil) icon. -7. Select the new [organizational account role](/ui/account/roles#organizational-account-roles) for the IdP group. +7. Select the new [organizational account role](/ui/account/roles#organizational-account-roles) for the IdP group whose organizational account role you want to change. ## Add individual users to an account @@ -108,12 +120,18 @@ you can do so by following these steps. Unstructured recommends that you add IdP groups to your workspaces, instead of adding individual users. Managing IdP groups can be easier, faster, and less error-prone than managing individual users. However, if you must add individual users to workspaces (for example, if you want to give a user -access to workspaces at a different level than the access than is granted to them through their IdP groups), +access to a workspace at a different level than the access than is granted to them through their IdP groups), you can do so by following these steps. 1. If you are not already signed in, sign in to your Unstructured account. -2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace. -3. In the top navigation bar, in the workspace selector, select the name of the workspace. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace for the individual users you want to add. +3. In the top navigation bar, in the workspace selector, select the name of the workspace that you to add the individual users to. + + + If the workspace selector is not showing next to the organizational account selector then, in the top navigation bar, + click the **Workspaces** tab, and then click the name of the workspace you want to add the individual users to. + + 4. On the **Members** tab, click **Add New+**, and then click **+ Add Member**. 5. On the **Add New Member** page, for **Email**, type the email address of each individual user to add. 6. For all of the email addresses that you typed, select the [workspace role](/ui/account/roles#workspace-roles) for all of the individual users at once, and then click **Continue**. @@ -132,6 +150,12 @@ This procedure assumes you have already added the individual user to your Unstru 1. If you are not already signed in, sign in to your Unstructured account. 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account. 3. In the top navigation bar, in the workspace selector, select the name of the workspace. + + + If the workspace selector is not showing next to the organizational account selector then, in the top navigation bar, + click the **Workspaces** tab, and then click the name of the workspace that contains the user for whom you want to change the workspace role. + + 4. On the **Members** tab, next to the user's email, click the ellipsis (three dots), and then click **Edit Permissions**. 5. Select the new [workspace role](/ui/account/roles#workspace-roles) for the user. @@ -140,7 +164,7 @@ This procedure assumes you have already added the individual user to your Unstru This procedure assumes you have already added the individual user to your Unstructured account. [Learn how](#add-individual-users-to-your-unstructured-account). 1. If you are not already signed in, sign in to your Unstructured account. -2. In the top navigation bar, in the organizational account selector, select the name of the organizational account. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the user for whom you want to change their organizational account role. 3. On the **Members** tab, click the user's email. 4. Select the new [organizational account role](/ui/account/roles#organizational-account-roles) for the user. @@ -160,6 +184,12 @@ This procedure assumes you have already added the user to your Unstructured acco 1. If you are not already signed in, sign in to your Unstructured account. 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace. 3. In the top navigation bar, in the workspace selector, select the name of the workspace. + + + If the workspace selector is not showing next to the organizational account selector then, in the top navigation bar, + click the **Workspaces** tab, and then click the name of the workspace that contains the user you want to remove. + + 4. On the **Members** tab, next to the user's email, click the ellipsis (three dots), and then click **Remove Member**. ## Remove an individual user from an account @@ -167,9 +197,9 @@ This procedure assumes you have already added the user to your Unstructured acco This procedure assumes you have already added the individual user to your Unstructured account. [Learn how](#add-individual-users-to-your-unstructured-account). - Removing an individual user from an account does not necessarily revoke all access to that account! + Removing an individual user from an organizational account does not necessarily revoke all access to that organizational account! - After you remove an indivdual user from an account, any account role that is assigned to any IdP group to which that user belongs will then be applied. + After you remove an indivdual user from an account, any organizational account role that is assigned to any IdP group to which that user belongs will then be applied. This happens the next time they sign in to your Unstructured account. @@ -183,14 +213,23 @@ This procedure assumes you have already assigned the user to the account. [Learn This procedure assumes you have already added the IdP group to your Unstructured account and the workspace within that account. [Learn how](#add-an-idp-group-to-your-unstructured-account). - - After you remove an IdP group from a workspace, all users in that group will lose access to the workspace. - This happens the next time they sign in to your Unstructured account. - + + After you remove an IdP group from a workspace, all users in that group will lose access to the workspace, + unless they were otherwise [added as individual users to the account](#add-individual-users-to-a-workspace). + + If they were not otherwise added as individual users to the workspace, they will lose access to that workspace + the next time they sign in to your Unstructured account. + 1. If you are not already signed in, sign in to your Unstructured account. -2. In the top navigation bar, in the organizational account selector, select the name of the organizational account. -3. In the top navigation bar, in the workspace selector, select the name of the workspace. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace. +3. In the top navigation bar, in the workspace selector, select the name of the workspace you want to remove the IdP group from. + + + If the workspace selector is not showing next to the organizational account selector then, in the top navigation bar, + click the **Workspaces** tab, and then click the name of workspace that contains the IdP group you want to remove. + + 4. On the **Members** tab, next to the IdP group's name, click the ellipsis (three dots), and then click **Remove Member**. ## Remove an IdP group from an account @@ -198,17 +237,16 @@ This procedure assumes you have already added the IdP group to your Unstructured This procedure assumes you have already added the IdP group to your Unstructured account. [Learn how](#add-an-idp-group-to-your-unstructured-account). - After you remove an IdP group from an account, all users in that group will lose access to your Unstructured account the next time they sign in - to your Unstructured account and then choose this organizational account. - unless - they were otherwise [add as individual users to the account]() . + After you remove an IdP group from an organizational account, all users in that group will lose access to the organizational account, + unless they were otherwise [added as individual users to the account](#add-individual-users-to-an-account). - This happens the next time they sign in to your Unstructured account. + If they were not otherwise added as individual users to the organizational account, they will lose access to that organizational account + the next time they sign in to your Unstructured account. 1. If you are not already signed in, sign in to your Unstructured account. 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account. 3. In the sidebar, above your user icon, click the **Settings** (gear) icon, and then click **Manage Account**. 4. In the top navigation bar, click **IdP Groups**. -5. Click the name of the IdP group. +5. Click the name of the IdP group you want to remove from the organizational account. 6. In the settings pane, click **Delete Group**. From 33ea53a607d315f5c4de7972b3bc0d6ad73e4418 Mon Sep 17 00:00:00 2001 From: Paul Cornell Date: Wed, 19 Nov 2025 14:57:43 -0800 Subject: [PATCH 6/7] Add remaining how-to steps for IdP --- business/idp/ui.mdx | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/business/idp/ui.mdx b/business/idp/ui.mdx index cb2b1265..db6a48d4 100644 --- a/business/idp/ui.mdx +++ b/business/idp/ui.mdx @@ -62,7 +62,7 @@ This procedure assumes you have already added the IdP group to your Unstructured 4. On the **Members** tab, click **Add New +**, and then click **+ Add Group**. -5. Select the IdP group to add and its [workspace role](/ui/account/roles#workspace-roles) for this workspace, and then click **Save Changes**. +5. Select the IdP group to add and its [workspace role](/ui/account/roles#workspace-roles) for this workspace, and then click **Continue**. ## Change a workspace role for an IdP group @@ -91,12 +91,13 @@ This procedure assumes you have already added the IdP group to your Unstructured 4. In the top navigation bar, click **IdP Groups**. 5. Click the name of the IdP group whose organizational account role you want to change. 6. Next to **Account Role**, click the edit (pencil) icon. -7. Select the new [organizational account role](/ui/account/roles#organizational-account-roles) for the IdP group whose organizational account role you want to change. +7. Select the new [organizational account role](/ui/account/roles#organizational-account-roles) for the IdP group whose organizational account role you want to change, and then click the apply (check mark) icon. ## Add individual users to an account Unstructured recommends that you add IdP groups to an organizational account, instead of adding individual users. -Managing IdP groups can be easier, faster, and less error-prone than managing individual users. +Managing IdP groups can be easier, faster, and less error-prone than managing individual users. + However, if you must add individual users to an organizational account (for example, if you want to give a user access to an organizational account at a different level than the access that is granted to them through their IdP groups), you can do so by following these steps. @@ -105,7 +106,7 @@ you can do so by following these steps. 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account. 3. In the sidebar, above your user icon, click the **Settings** (gear) icon, and then click **Manage Account**. 3. On the **Members** tab, click **New Member +**. -4. On the **Add New Member** page, for **Email**, type the email address of each individual user to add. +4. In the **Add New Member** dialog, for **Email**, type the email address of each individual user to add. 5. For all of the email addresses that you typed, select the [organizational account role](/ui/account/roles#organizational-account-roles) for all of the individual users at once, and then click **Continue**. @@ -118,7 +119,8 @@ you can do so by following these steps. ## Add individual users to a workspace Unstructured recommends that you add IdP groups to your workspaces, instead of adding individual users. -Managing IdP groups can be easier, faster, and less error-prone than managing individual users. +Managing IdP groups can be easier, faster, and less error-prone than managing individual users. + However, if you must add individual users to workspaces (for example, if you want to give a user access to a workspace at a different level than the access than is granted to them through their IdP groups), you can do so by following these steps. @@ -133,7 +135,7 @@ you can do so by following these steps. 4. On the **Members** tab, click **Add New+**, and then click **+ Add Member**. -5. On the **Add New Member** page, for **Email**, type the email address of each individual user to add. +5. In the **Add New Member** dialog, for **Email**, type the email address of each individual user to add. 6. For all of the email addresses that you typed, select the [workspace role](/ui/account/roles#workspace-roles) for all of the individual users at once, and then click **Continue**. @@ -157,7 +159,7 @@ This procedure assumes you have already added the individual user to your Unstru 4. On the **Members** tab, next to the user's email, click the ellipsis (three dots), and then click **Edit Permissions**. -5. Select the new [workspace role](/ui/account/roles#workspace-roles) for the user. +5. Select the new [workspace role](/ui/account/roles#workspace-roles) for the user, and then click **Continue**. ## Change an account role for an individual user @@ -165,8 +167,10 @@ This procedure assumes you have already added the individual user to your Unstru 1. If you are not already signed in, sign in to your Unstructured account. 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the user for whom you want to change their organizational account role. -3. On the **Members** tab, click the user's email. -4. Select the new [organizational account role](/ui/account/roles#organizational-account-roles) for the user. +3. In the sidebar, above your user icon, click the **Settings** (gear) icon, and then click **Manage Account**. +4. On the **Members** tab, click the user's email. +5. Next to **Role**, click the edit (pencil) icon. +4. Select the new [organizational account role](/ui/account/roles#organizational-account-roles) for the user, and then click the apply (check mark) icon. ## Remove an individual user from a workspace @@ -191,6 +195,7 @@ This procedure assumes you have already added the user to your Unstructured acco 4. On the **Members** tab, next to the user's email, click the ellipsis (three dots), and then click **Remove Member**. +5. To confirm the removal, click **Continue**. ## Remove an individual user from an account @@ -207,7 +212,9 @@ This procedure assumes you have already assigned the user to the account. [Learn 1. If you are not already signed in, sign in to your Unstructured account. 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account. -3. On the **Members** tab, next to the user's email, click the ellipsis (three dots), and then click **Remove Member**. +3. In the sidebar, above your user icon, click the **Settings** (gear) icon, and then click **Manage Account**. +4. On the **Members** tab, next to the user's email, click the ellipsis (three dots), and then click **Remove Member**. +5. To confirm the removal, click **Continue**. ## Remove an IdP group from a workspace @@ -231,6 +238,7 @@ This procedure assumes you have already added the IdP group to your Unstructured 4. On the **Members** tab, next to the IdP group's name, click the ellipsis (three dots), and then click **Remove Member**. +5. To confirm the removal, click **Continue**. ## Remove an IdP group from an account @@ -250,3 +258,4 @@ This procedure assumes you have already added the IdP group to your Unstructured 4. In the top navigation bar, click **IdP Groups**. 5. Click the name of the IdP group you want to remove from the organizational account. 6. In the settings pane, click **Delete Group**. +7. To confirm the removal, click **Continue**. From 728432b66649ec5f855a8e3153d8b8f7581fcbab Mon Sep 17 00:00:00 2001 From: Paul-Cornell Date: Tue, 25 Nov 2025 10:28:47 -0800 Subject: [PATCH 7/7] Apply suggestions from code review --- business/idp/overview.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/business/idp/overview.mdx b/business/idp/overview.mdx index 65b5cbe0..c1664ecf 100644 --- a/business/idp/overview.mdx +++ b/business/idp/overview.mdx @@ -4,7 +4,7 @@ sidebarTitle: Overview --- - The following information applies only to dedicated instance and in-VPC deployments of [Unstructured Enterprise](/business/overview). + The following information applies only to dedicated instance and in-VPC deployments of [Unstructured Business](/business/overview). IdP integration is not available for Unstructured **Let's Go**, **Pay-As-You-Go**, or **Business SaaS** accounts.