Persona: CoE Admin

Summary

The CoE Admin onboards new organisation members — either regular employees to specific workspaces, or Team Leads with different levels of autonomy. The onboarding approach depends on the deployment model and the intended role.


Onboard New Organisation Member to Workspace

Context: A new employee joins the organisation and needs access to specific workspaces.

Camunda Hub supports OIDC integration with the organisation’s external Identity Provider (e.g., Entra ID, Keycloak, Okta), and user accounts are then managed in the IdP rather than in Hub. On SaaS, a built-in identity (Auth0) with direct invitations is supported as well.

Invite Member to the Organisation (if needed)

The way a new employee gains access to the organisation depends on the deployment model:

  • Self-Managed: The employee is registered in the organisation’s Identity Provider.
  • SaaS Enterprise (integrated with IdP): The employee is registered in the organisation’s Identity Provider.
  • SaaS (built-in Auth0): The CoE Admin invites the new employee to the organisation in Hub and assigns an organisation role.

Assign to Workspace(s)

  1. Navigate to organisation workspace management — The CoE Admin opens Hub and goes to the organisation-level workspace management.
  2. Check if the employee is already an org member:
    • If yes — Add the org member (new employee) to the workspace(s) and assign a workspace role.
    • If no — Invite the new employee via email to the workspace(s) and assign a workspace role. The invited user will get basic org-level access to Hub when the invite is accepted.
  3. New workspace member is notified — The new employee receives a notification that they were added to (or invited to) the workspace.
  4. User has scoped access — The new workspace member sees only the workspaces they are added to.

Onboard New Team Lead to Hub

Context: A team lead of a new team needs to get access to Hub to onboard their team and build process solutions. There are two onboarding paths depending on the level of autonomy the Team Lead should have.

Option A: Add Team Lead as Workspace Admin to a Specific Workspace

The CoE Admin assigns the Team Lead to a pre-created workspace. The Team Lead has basic org-level access and can manage only the workspace(s) they are added to.

  1. Ensure the Team Lead has access to the organisation:
    • Self-Managed / SaaS Enterprise (integrated with IdP): The Team Lead is registered in the organisation’s Identity Provider.
    • SaaS (built-in Auth0): The CoE Admin invites the Team Lead to the organisation in Hub.
  2. Navigate to organisation workspace management — The CoE Admin opens Hub and goes to the organisation-level workspace management.
  3. Add the Team Lead to the workspace — The CoE Admin adds or invites the Team Lead to the workspace and assigns the Workspace Admin role. The Team Lead gets basic org-level access to Hub.
  4. Team Lead is notified — The Team Lead is notified that they were added to the workspace.
  5. Team Lead has scoped access — The Team Lead can see and manage only the workspaces they are added to.

Option B: Add Team Lead as Workspace Manager to the Organisation

The CoE Admin gives the Team Lead the Workspace Manager organisation role. The Team Lead can create and manage their own workspaces without CoE Admin involvement.

  1. Ensure the Team Lead has access to the organisation:
    • Self-Managed / SaaS Enterprise (integrated with IdP): The Team Lead is registered in the organisation’s Identity Provider.
    • SaaS (built-in Auth0): The CoE Admin invites the Team Lead to the organisation in Hub.
  2. Assign the Workspace Manager org role — The CoE Admin assigns the Team Lead the Workspace Manager organisation role.
  3. Team Lead is notified — The Team Lead is notified that they were added to the organisation.
  4. Team Lead can self-manage workspaces — With the granted Workspace Manager role, the Team Lead can create workspaces in the Hub organisation and manage the created workspaces. The Team Lead does not have permission to assign clusters to workspaces.

See also: Governed Workspaces with Cluster Associations - E2E User Journeys