Summary

In this article, we will go through the steps of adding and managing Samsara Cloud users. To set up Users, you will need to first set up their Roles to specify their permissions, then Tags to specify their access levels.

Definitions

1. User Roles & Permissions - This is to set what the user can / cannot do in the Cloud. Permissions are set up by creating Roles and assigning that user to the roles.

  • For example, the ability to view sites and the site cameras assigned to those sites.

2. User Access Levels & Tags - This is to set what Site Cameras & Gateways the user can / cannot access in the Cloud. User access levels can be set at both the Organization level (access to all Assets) and the Asset level (access to cameras, gateways, etc.).

  • For example, the ability to view a Camera’s feed based on the user’s location. Access Levels are set up by creating Tags and assigning that user to the tags.

Set up Users

  1. Navigate to Settings on the bottom left of the Samsara Cloud

  2. Go to User and Roles at the bottom left of your dashboard.

  3. Invite User


  4. Add the user’s details and assign them to a Role and Access level (see below for Roles and Permissions)

    1. When inviting a new user, you will have the following default role options:

      1. A "Full Admin" with "Entire Organization" access has complete write control over their entire organization. They can view all pages and devices and control the role and access of other users. It is the highest permission level in the organization.

      2. A "Standard Admin" with "Entire Organization" access has complete control over the entire organization except for financial information (billing, invoicing, licensing, etc).

      3. A "Read Only Admin" only has view permissions on the selected Access. A "Read Only Admin" with "Entire Organization" access can view all devices and sites but not make changes.

  5. To set up custom Roles (for permissions) and Tags (for access levels), see below for more details on how to set that up.


Set up User Roles to Manage Permissions

Definition

User Roles are used to group users with set permissions in the Samsara cloud. For example, the ability to view or edit Camera or Gateway settings. Permissions are set up by creating Roles and assigning that user to the roles.

Steps below on how to set up Roles:

  1. Navigate to Roles tab under “Users and Roles”


  2. Name the Role. You can select view or edit options for basic, organizational, advanced, Site permissions, and more.

  3. Select specific “Essential” and “Site” permissions. Once a role is defined and saved, it will be available in the role dropdown field when you add or edit a user.

Site Roles Template

In the below spreadsheet, there are a few example roles to help manage large organizations with many users like: Operations, Safety, etc.

Use this [Example] template to map out the permissions for each Role, then as a guide when creating the actual Roles in the Samsara Cloud.

Once you set up the Role, assign the Role to each individual User:


Set up User Tags to Manage Access Levels

Definition

User Tags help to restrict user access levels to specific Assets. Users can have access levels at both the Organization level (access to everything) and the Asset level (access to a subset of assets, IO, gateways, etc.).

For example: A Safety Manager from the Texas warehouse might be assigned as a User with the “Safety” Role. However, he/she only cares about the Cameras in the Texas warehouse. To ensure she/he only has visibility to Texas assets in the Samsara Cloud, he/she will be given Access = “Texas,” and will be able to see data of Cameras in that warehouse.

Before adding a User, you need to assign an Access level. You can restrict access based on Assets (or groups of Assets) using Tags/Labels.

To set up the right access level, you will first need to set up Tags in the Samsara Cloud: Create Tags to Restrict User Access


Log In As Another User / Impersonate a User

Samsara Cloud administrators can log into Samsara as another user (impersonate a user) to help troubleshoot problems or check user access levels. This feature is available to all Full Admins and custom Roles with the permission to “Log in as Other Users” under the “Advanced” section of custom roles.

See steps below to impersonate user:

  1. Ensure you are a Full Admin or have the permission to log in as another user.

  2. To give someone this ability, go to Users and Roles, then Roles, then select the Role of the user(s) you’d like to have the ability to log in as another user.


  3. Once in the page for the specific Role setting, go to the bottom under “Advanced,” check the box below, then hit Save for the Role.


  4. Assign this Role to the user(s).

  5. To actually impersonate a user, find the User, hit the three dots on the right of their name, then select “Log in as User.”

  6. You will now see a purple banner at the top of the Cloud page, telling you who you are logged in as. Navigate to any Samsara page and you will see what they’d see when logged in.

     

  7. We give the option to toggle between Read Only and Writes Enabled.

    1. With Read Only mode, you will be blocked from performing write actions (such as updating vehicle information, adding a driver, creating a route, etc.).

    2. With Writes Enabled, any actions you take on behalf of this user cannot be undone.

Security Measures of Impersonating a User

For security, these measures apply when administrators and support users log in as another user:

  1. The act of logging in and logging out as another user is tracked in the Activity Log.

  2. All actions taken while the user is logged in as another user are tracked as being performed by that user.

  3. All sessions logged in as another user are set to expire after 4 hours.

  4. A user can only log in as a user if they have access to do so over all domains. 

    1. For example, if a user only has access to log in as another user for a single Asset (under Access level when adding a User), they will not be able to log in as any users who belong to other Assets. Similarly, if a user has access to log in as another user for a single Samsara Cloud organization, they will not be able to log in as any users who belong to any other Samsara Cloud organizations.
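
The scoping, expiry and Read Only rules above can be modelled in a few lines when reviewing who is able to impersonate whom. This is an added illustration, not Samsara code or a Samsara API: the class and function names, the "*" marker for Entire Organization access, and Read Only as the starting mode are all assumptions of the model.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

SESSION_LIFETIME = timedelta(hours=4)  # from the article: sessions expire after 4 hours
ENTIRE_ORG = "*"  # constructed marker for "Entire Organization" access

@dataclass(frozen=True)
class User:
    name: str
    org: str
    role: str
    tags: frozenset  # access level: tag names, or {ENTIRE_ORG}
    can_login_as_others: bool = False  # the "Log in as Other Users" permission

def covers(admin: User, target: User) -> bool:
    """True when the admin's access spans every domain the target belongs to."""
    if admin.org != target.org:
        return False  # never across organizations
    if ENTIRE_ORG in admin.tags:
        return True
    return ENTIRE_ORG not in target.tags and target.tags <= admin.tags

def may_impersonate(admin: User, target: User) -> bool:
    # Full Admins, or custom Roles with the Advanced permission, and only in scope.
    allowed = admin.role == "Full Admin" or admin.can_login_as_others
    return allowed and covers(admin, target)

@dataclass
class ImpersonationSession:
    admin: User
    target: User
    started: datetime
    writes_enabled: bool = False  # model assumption: start in Read Only

    def active(self, now: datetime) -> bool:
        return now - self.started < SESSION_LIFETIME

    def authorize(self, is_write: bool, now: datetime) -> bool:
        # Expired sessions allow nothing; Read Only blocks every write action.
        if not self.active(now):
            return False
        return not is_write or self.writes_enabled

def start_session(admin, target, now, writes_enabled=False):
    if not may_impersonate(admin, target):
        raise PermissionError(f"{admin.name} may not log in as {target.name}")
    return ImpersonationSession(admin, target, now, writes_enabled)
```

Running every admin/target pair from a user export through `may_impersonate` shows which accounts the "Log in as Other Users" permission actually exposes.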