Roles and responsibilities: Governance and key stakeholder identification

The efficient adoption of the Digibee Integration Platform requires well-structured governance and the identification of key stakeholders to fulfill various roles. This approach ensures that the Platform aligns with your organization’s strategic and operational goals, promoting efficiency and scalability.

Why is it so important?

Strategic direction: Engaging the right stakeholders from the beginning helps align Platform usage with business objectives.
Operational efficiency: Clear role definitions reduce friction and promote smoother communication among stakeholders.
Process sustainability: Assigning specific responsibilities supports scalability and effective monitoring of the Platform.

Platform Governance Structure

Realms → Projects → Pipelines

In Digibee, the Platform organization is based on realms, projects, and pipelines. A realm can encompass multiple projects, and a project can include multiple pipelines.

To ensure users have the necessary access to develop and monitor integrations aligned with business processes, it is essential to properly configure and manage governance for access and permissions.

The Digibee Integration Platform allows permissions to be customized at both the realm and project levels, simplifying user administration. Additionally, integration with an Identity Provider (IdP) provides centralized authentication, while groups and roles clearly define user responsibilities for performing activities.

Key stakeholders for customers

Establishing a key stakeholder structure is recommended for all Digibee customers. This practice ensures that critical processes are managed by designated individuals, guaranteeing adequate monitoring and efficient resolution of demands.

Sponsor (Contract Owner): Ensures the maximization of the investment’s value in Digibee by strategically managing the contract. Acts as the primary contact point with Digibee, negotiating renewals, upgrades, and additional services aligned with business needs.
Pipeline Owner: A technical person on the customer side responsible for ensuring the technical operation of pipelines. This person acts as the main technical reference, developing pipelines in Digibee.
Operations Owner: Oversees monitoring and observability of the Digibee Integration Platform, including monitoring Platform behavior, data consumption, and error logs.
Platform Manager: Responsible for defining and maintaining governance within Digibee.
Credential Manager: Manages account control and registration within the Platform.
Access Manager: Responsible for access control and the assignment of roles and groups within the Platform.

Access Control or RBAC (Role-Based Access Control)

Identity Provider (IdP)

One of the most important decisions for structuring Digibee Integration Platform governance is whether to use an IdP. Digibee enables integration of the Platform’s access control with the IdP already in place within your organization.

By opting to use an IdP, you can also customize authentication rules by domain. For each domain, it is possible to specify whether user governance will follow the existing IdP structure or if new permissions will be created. Example:

@company.com → DigibeeIdP
@company1.com → IdP only

To configure domain-based IdP settings, access our documentation to learn the authentication rules.

The registration process is self-service: our documentation guides you through the entire process, enabling you to configure this integration independently. Read the documentation to configure your IdP in Digibee.

Roles and Permissions

Defining roles and permissions is a central aspect of governance. In Digibee, a comprehensive set of standard roles is automatically created when a realm is configured, addressing most customer needs.

On the Digibee Integration Platform, permissions are managed by associating users with groups. Groups, in turn, are associated with roles, with roles defining sets of permissions. These permissions can vary depending on the environment the user is working in: test or prod.

Standard roles: Automatically configured during realm creation.
Customization: Additional roles can be created and edited to meet specific needs.

Instead of creating new roles, we recommend organizations edit or adjust groups to address specific demands, leveraging the flexibility of the standard roles provided.

To review existing permissions on the platform, access the list of permissions by service. If you need to create, edit, or delete roles, refer to our roles documentation.

Groups

Once roles and permissions are defined, users are organized into groups, streamlining access management at scale by grouping users into sets with specific permissions.

Default groups: Automatically created within the realm.
Customization: Allows the creation of additional groups and their association with roles.

For instructions on creating new groups, assigning roles to groups, and editing existing groups, refer to the groups documentation.

Configuring IdP Groups with Digibee Groups

For organizations that choose to use an IdP, it is possible to associate IdP groups with Digibee groups. This integration simplifies and automates access management, ensuring that changes in IdP groups, such as adding or removing members, are automatically reflected in Digibee. This reduces manual effort and maintains aligned governance.

Follow these steps to configure the association:

Create the group in Digibee (without assigning permissions at this point).
Configure the group mapping in the IdP:
- XPath: Customer AD path.
- ID Code: Corresponding group name in Digibee.
Manually adjust additional permissions as needed.

For more details, read the documentation.

Created groups do not automatically assume new roles introduced later. When a new feature affects a role, permissions will not be associated by default. In such cases, you must manually associate the new permission with the group and save the settings. Use (and edit, if necessary) Digibee's default groups if you want to receive default access to new features.

User inclusion

With the IdP configured and groups registered, user association is automatic. If you do not use an IdP, user inclusion must be performed manually by linking them to groups and projects as necessary.

How to Structure Responsibilities?

Below are recommendations for structuring responsibilities, considering team size and complexity:

Smaller Teams (Integrated Dev + Ops): Ideal for organizations with agile and smaller teams.

Pipeline Owner and Developers:
- Groups: Developers, Deployers
- Responsibilities: Developing and deploying pipelines, managing external accounts, and credentials.
Operations Owner and Platform Manager / Architects / Tech Leads:
- Groups: Access-Managers, Governance-Managers, Support
- Responsibilities: Access control, governance standard definitions, and operational support.

Larger Teams (Separated Dev + Ops): Recommended for organizations with higher control and specialization needs.

Pipeline Owner:
- Developers:
  - Groups: Developers
  - Responsibilities: Developing pipelines and integrating with external systems.
- Deployers:
  - Groups: Deployers
  - Responsibilities: Deploying pipelines and managing executions.
Operations Owner:
- Operations:
  - Groups: Support
  - Responsibilities: Platform monitoring, log analysis, and operational support.
Platform Manager / Architects / Tech Leads:
- Groups: Access-Managers, Governance-Managers, Support
- Responsibilities: Governance, access control, and strategic support.

PreviousList of permissions by service NextIdentity provider integration

Last updated 3 months ago

Was this helpful?