Identity and Access Management

The Identity and Access Management (IAM) functionality lets you have the ability to control user access rights to view and make changes in specific parts of Discovery.

📘

See Identity and Access Management (Content) for a list of default roles for Content.

User Interface


The user management UI allows for creation, modification, and deletion of users and contains admin roles to assign and revoke permissions to users. Typically, these UI features will be managed by an admin who is either a business user or an IT admin at your organization. The admin will be the one who has access to the user management UI and can make changes to users.

The UI allows for the following:

  1. Creation of new users
  2. Management of user data
  3. Resetting of passwords
  4. Role assignment
  5. Deletion of users

Add a New User


  1. Navigate to Setup in the left nav
  2. Click on User management
  3. Click on the Add New User button
  4. Fill in the user's information, including e-mail address, and select their site access and roles
  5. Click on Add New User to complete the process

Manage an Existing User


  1. Navigate to Setup in the left nav
  2. Click on User management
  3. Click on the Manage dropdown in the Action column
  4. In the dropdown, you will see three choices:
    1. Manage User: change or remove assigned roles and site access
    2. Resend Invitation Email: reset the password for the user and send a password reset e-mail automatically to the e-mail address listed for that given user
    3. Delete User: remove the user completely from access to Discovery. This action is not reversible.

Default Roles


The following default roles are supported in IAM. These are the roles that an IAM admin can assign to Users. You will only see the roles that are reflective of the Bloomreach products you have integrated on. For example, if you are not integrating Insights and are not an Insights customer, you will not see the "Insights User" role and will not be able to assign this role to anybody. 

Role

Role Definition

Site Search User

Read/Write

A Site Search User has access to the following Discovery apps:

Search & Merchandising

  • Site Search
  • Ranking rules
  • Redirects
  • Facets
  • Autosuggest blacklist
  • Synonyms
  • Operational tools
  • Campaigns & assets
  • Campaigns
  • Assets
  • Ranking Diagnostics
    Insights
  • Account analytics
  • Account overview
  • Account API usage
  • Site search analytics
  • Overall performance
  • Top keywords
  • No revenue keywords
  • No search results keywords
  • Recommendations analytics
  • Just for you
  • More like this
    Testing
    Merchandising Audience
    Setup
  • brSM global configurations
  • Global ranking rules
  • Global facet management
  • API modifier
  • API details

Site Search - Read Only

Read Only

A Site Search - Read Only has read-only access to the following Discovery apps:

Search & Merchandising

  • Site Search
  • Ranking rules
  • Redirects
  • Facets
  • Autosuggest blacklist
  • Synonyms
  • Operational tools
  • Campaigns & assets
  • Campaigns
  • Assets
  • Ranking Diagnostics
    Insights
  • Account analytics
  • Account overview
  • Account API usage
  • Site search analytics
  • Overall performance
  • Top keywords
  • No revenue keywords
  • No search results keywords
  • Recommendations analytics
  • Just for you
  • More like this
    Testing
    Merchandising Audience
    Setup
  • brSM global configurations
  • Global ranking rules
  • Global facet management
  • API modifier
  • API details

Category User

Read/Write

A Category User has access to the following Discovery apps:

Categories

  • All category pages
  • Facets
    Insights
  • Account analytics
  • Account overview
  • Account API usage
  • Category analytics
  • Overall performance
  • Top categories
  • Recommendations analytics
  • Just for you
  • More like this
    Testing
    Merchandising Audience
    Setup
  • brSM global configurations
  • Global facet management
  • API modifier
  • API details

Category User - Read Only

Read Only

A Category User - Read Only user has read-only access to the following Discovery apps:

Categories

  • All category pages
  • Facets
    Insights
  • Account analytics
  • Account overview
  • Account API usage
  • Category analytics
  • Overall performance
  • Top categories
  • Recommendations analytics
  • Just for you
  • More like this
    Testing
    Merchandising Audience
    Setup
  • brSM global configurations
  • Global facet management
  • API modifier
  • API details

Insights User

Read/Write

An Insights user has access to the following Discovery apps:

Insights

  • Opportunities
  • Top opportunities
  • Improve category navigation
  • Improve site search
  • Activities
  • Playbooks
  • Collections
  • Product collections
  • Category collections
  • Page collections
  • Query collections
  • Brand collections
  • Library
  • Overview
  • Sitewide overview
  • Site search overview
  • Site search KPIs
  • Reporting
  • Category page diagnostics
  • Product dashboard
  • Brand dashboard
  • Page dashboard
  • Site search diagnostics
    Setup

Insights User - Read Only

Read Only

An Insights User - Read Only user has read-only access to the following Discovery apps:

Insights

  • Opportunities
  • Top opportunities
  • Improve category navigation
  • Improve site search
  • Activities
  • Playbooks
  • Collections
  • Product collections
  • Category collections
  • Page collections
  • Query collections
  • Brand collections
  • Library
  • Overview
  • Sitewide overview
  • Site search overview
  • Site search KPIs
  • Reporting
  • Category page diagnostics
  • Product dashboard
  • Brand dashboard
  • Page dashboard
  • Site search diagnostics
    Setup

Dev Studio User

Read/Write

A Dev Studio User has access to the following Discovery apps:

  • Dev Studio
  • Pixel monitor
  • Feed
  • Status (can click and execute Feed Revert button)
  • API explorer
  • API details

Dev Studio User - Read Only

Read Only

A Dev Studio Read Only User has read-only access to the following Discovery apps:

  • Dev Studio
  • Pixel monitor
  • Feed
  • Status (can click and execute Feed Revert button)
  • API explorer
  • API details

Dev Studio User (Feed Config)

Read/Write

A Dev Studio User (Feed Config) has access to the following Discovery apps:

  • Dev Studio
  • Account information
  • Pixel monitor
  • Feed
  • Configuration
  • Status
  • Attribute configuration
  • API explorer

Dev Studio User (Feed Config) - Read Only

Read Only

A Dev Studio User (Feed Config) - Read Only has read-only access to the following Discovery apps:

  • Dev Studio
  • Account information
  • Pixel monitor
  • Feed
  • Configuration
  • Status
  • Attribute configuration
  • API explorer

IAM Admin

Read/Write

An IAM Admin has access to the following Discovery apps:

  • Setup
  • User management
  • API details

This role can only be assigned and given by the Bloomreach support team.

Organic (Widgets) User

Read/Write

An Organic (Widgets) User has access to the following Discovery apps:

Insights

  • Account analytics
  • Account overview
  • Account traffic breakdown
  • Account API usage
  • SEO analytics
  • Overall performance
  • Incremental
  • Targeted pages
  • Overview
  • Top performing page
  • Device traffic
  • Overall
  • Desktop
  • Mobile
  • Tablet

Organic (Widgets) User - Read Only

Read Only

An Organic (Widgets) User - Read Only has read-only access to the following Discovery apps:

Insights

  • Account analytics
  • Account overview
  • Account traffic breakdown
  • Account API usage
  • SEO analytics
  • Overall performance
  • Incremental
  • Targeted pages
  • Overview
  • Top performing page
  • Device traffic
  • Overall
  • Desktop
  • Mobile
  • Tablet

Organic (Thematic) User

Read/Write

An Organic (Thematic) User has access to the following Discovery apps:

SEO
Insights

  • Account analytics
  • Account overview
  • Account traffic breakdown
  • Account API usage
  • SEO analytics
  • Overall performance
  • Incremental
  • Generated pages
  • Overview
  • Top performing pages
  • Device traffic
  • Overall
  • Desktop
  • Mobile
  • Tablet
    Setup
  • Global facet management
  • API details

Organic (Thematic) User - Read Only

Read Only

An Organic (Thematic) User - Read Only has read-only access to the following Discovery apps:

SEO
Insights

  • Account analytics
  • Account overview
  • Account traffic breakdown
  • Account API usage
  • SEO analytics
  • Overall performance
  • Incremental
  • Generated pages
  • Overview
  • Top performing pages
  • Device traffic
  • Overall
  • Desktop
  • Mobile
  • Tablet
    Setup
  • Global facet management
  • API details

Pathways User

Read/Write

A Pathways and Recommendations user has access to the following Discovery apps:

Search & Merchandising

  • Site Search
  • Ranking rules
  • Redirects
  • Facets
  • Autosuggest blacklist
  • Synonyms
  • Categories
  • Ranking rules
  • All category pages
  • Facets
  • Operational tools
  • Campaigns & assets
  • Campaigns
  • Assets
  • Ranking Diagnostics
    Pathways & Recommendations
    Insights
  • Account analytics
  • Account overview
  • Account API usage
  • Site search analytics
  • Overall performance
  • Top keywords
  • No revenue keywords
  • No search results keywords
  • Category analytics
  • Overall performance
  • Top categories
  • Recommendations analytics
  • Just for you
  • More like this
    Testing
    Merchandising Audience
    Setup
  • brSM global configurations
  • Global ranking rules
  • Global facet management

Pathways User - Read Only

Read Only

A Pathways and Recommendations - Read Only User has access to the following Discovery apps:

Search & Merchandising

  • Site Search
  • Ranking rules
  • Redirects
  • Facets
  • Autosuggest blacklist
  • Synonyms
  • Categories
  • Ranking rules
  • All category pages
  • Facets
  • Operational tools
  • Campaigns & assets
  • Campaigns
  • Assets
  • Ranking Diagnostics
    Pathways & Recommendations
    Insights
  • Account analytics
  • Account overview
  • Account API usage
  • Site search analytics
  • Overall performance
  • Top keywords
  • No revenue keywords
  • No search results keywords
  • Category analytics
  • Overall performance
  • Top categories
  • Recommendations analytics
  • Just for you
  • More like this
    Testing
    Merchandising Audience
    Setup
  • brSM global configurations
  • Global ranking rules
  • Global facet management

IAM Site Hierarchy 


Bloomreach customer hierarchy is Parent Organization → Account → Site. 

A user can be assigned a role at any node in this hierarchy: they can be assigned a role at the Parent Organization node, the Account node, or the Site node.  If a role is given to a node at a higher level, it is propagated to all levels below it. For example, if user A was assigned the "Insights User" role at the Organization node, they would also be an "Insights User" at the Site node. However, if they were assigned "Insights User" at the Site node, they would have the "Insights User" role at the Organization node.

Most customers will choose to assign users roles at the Account node. If the customer has a multisite account, they may choose to give users permission at the Organization level (for wider permissions) or at the Site level (for more scoped permissions). 

The following are more detailed descriptions of the concepts in IAM. 

Organization also known as Parent OrganizationParent organization is a top node of the Bloomreach customer hierarchy of

Parent Organization → Account → Site.

Each customer has a Parent Organization. A Parent organization can contain multiple Accounts and each account can contain multiple Sites.

It is important to note that Users exist at an Organization level. Because of this, the IAM Admin role only exists at an organization node in the hierarchy and users can only be managed at the Organization level.
AccountAn Account is made up of a group of Sites under the same Organizaiton. Roles can be assigned at the Account level.
SiteA Site is the lowest node of the customer hierarchy. Roles can be assigned at the Site level.

Did this page help you?