Apps and Team
Organizations
An organization represents your company’s subscription with Moesif and is created when you signed up. Team members and applications are associated with your organization. Self-serve plans typically have just a single organization. However, enterprise plans can create complex organizational structures such as to manage quotas for different departments and business units. Contact us for info on this.
Applications
An application represents a single environment in Moesif which allows you to keep data isolated and organized. All applications within your organization share the same plan quotas so you don’t need to purchase multiple plans.
You should create separate Moesif applications for different environments like “Staging” and “Production” to keep data isolated and organized. You can also clone dashboard configuration between applications, which makes setup easier.
Your events, users, companies, dashboards, and automation rules are scoped to a single application. This means user id 1234
in one application may refer to different customer than user id 1234
in another application.
You can edit the below settings under Apps and Team.
There is a soft limit of 10 apps which is sufficient for most customers. Please contact us if you need this limit raised or need to understand how to best organize your data.
Name
The friendly name for your application such as Development API
Time Zone
If set, all reports and times will use this time zone for all team members. By default, charts are rendered using the Browser’s local time which may not be ideal for companies with global teams. Setting a global time zone ensures all team members are looking at the same metrics.
Weeks Starts On
If set, all weekly intervals will start on this day for all team members. By default, weeks start on Monday which may not be aligned with your internal reporting. Similar to setting a global time zone, this enables all team members to use the same day for the start of weeks.
Changing time zone or week starts on will not update previously saved workspaces and tags. However, you can copy or re-save any existing workspaces to ensure they are updated with your latest settings.
Team members
You can invite multiple team members to your Moesif organization as specified by your current plan. To add team members, go to Apps and Team under the bottom left menu in the Moesif portal.
it’s recommended to also set up Multi-Factor Authentication within Moesif or your enforce it within your identity provider for best security posture.
Role-based access control
Moesif supports role-based access control to maintain internal security and compliance. All plans have three built-in roles, Admin, Member, and Read-only. Enterprise plans can create additional roles via Custom Roles.
Role | Description |
admin |
The admin role can add/delete team members, modify subscription, access security audit logs in addition to all permissions by member role. |
member |
The member role has access to most features in Moesif and is recommended for majority of team members. |
read-only |
The read-only role can view data, but cannot create anything. They cannot create share links or export data. |
dashboard-viewer |
A limited access role that can only view dashboards, but not create new dashboards. |
Custom Roles
If you have an Enterprise plan, you can create custom roles based on Moesif’s API scopes. This enables you to have fine-grained permission control based on team and responsibility.
- For example, you can create a support role that can only view API logs, but not dashboards
- Or create a a dashboard-editor role that can only view and edit dashboards, but not automation settings.
Newly created custom roles may take a few minutes to be propagated. If you immediately assign a user to a new role, they may experience permission errors.
To do so, click the Edit Roles button under Apps & Team Settings.
From there, select New Custom Role. This will bring up the scopes picker. You can add or remove scopes based on your security requirements. View API scopes for a full description of each permission.
At the top, we recommend selecting an existing role at the top to use as a starting point and then modify as needed.
Privacy Rules
Roles can also be associated with a set of privacy rules. This enables you to redact or limit access to sensitive fields based on the team member’s role. To learn more, view Docs on Privacy Rules.
Restricting Identity Providers
Moesif offers a method to restrict logins to your organization to one of the three social identity providers that Moesif supports:
- Microsoft
- Github
This can be helpful if you want to prevent account sharing and leverage security features like Multi-Factor Authentication (2FA). For example, you can restrict logins to Google if your company is already using Google Workplace. This feature is available for any paying customers.
While this feature can improve your security posture, it’s not intended to be a replacement for Enterprise Single Sign-On which provides much greater control for strict compliance needs. Enterprise customers can leverage Moesif Single Sign-On which supports Active Directory, Okta, or any SAML compatible identity providers.
In order to access this feature, click on Edit Identity Providers as seen below.
You can then specify the identity provider that you wish to restrict access from.