The Identity and Access Management (IAM) functionality lets you control user access rights to view and make changes in specific parts of Bloomreach Discovery.
See [Identity and Access Management (Content)](🔗) for a list of user roles for Bloomreach Content.
# IAM Site Hierarchy
Bloomreach customer hierarchy is **`Parent Organization` → `Account` → `Site`**.
A user can be assigned a role at any node in this hierarchy: they can be assigned a role at the Parent Organization node, the Account node, or the Site node. If a role is given to a node at a higher level, it is propagated to all levels below it. For example, if user A was assigned the "`Insights User`" role at the Organization node, they would also be an "`Insights User`" at the Site node. However, if they were assigned "`Insights User`" at the Site node, they would not have the "`Insights User`" role at the Organization node.
Most customers will choose to assign users roles at the Account node. If the customer has a multisite account, they may choose to give users permission at the Organization level (for wider permissions) or at the Site level (for more scoped permissions).
The following are more detailed descriptions of the concepts in IAM.
| Hierarchy level | Description |
| --- | --- |
| Organization (also known as Parent Organization) | The Parent Organization is the top node of the Bloomreach customer hierarchy of<br><br>Parent Organization → Account → Site.<br><br>Each customer has a Parent Organization. A Parent Organization can contain multiple Accounts, and each Account can contain multiple Sites.<br><br>It is important to note that Users exist at the Organization level. Because of this, the IAM Admin role only exists at an Organization node in the hierarchy, and users can only be managed at the Organization level. |
| Account | An Account is made up of a group of Sites under the same Organization. Roles can be assigned at the Account level. |
| Site | A Site is the lowest node of the customer hierarchy. Roles can be assigned at the Site level. |
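
The propagation rule and the Organization-only scope of IAM Admin described above can be checked mechanically during an access review. The following is an added example, not Bloomreach code or a Bloomreach API: the node names, users, and the `PARENT`, `LEVEL` and `ASSIGNMENTS` structures are constructed for illustration.

```python
# Added example: hypothetical data model, not a Bloomreach API.
# Constructed hierarchy: child node -> parent node (Organization has no parent).
PARENT = {
    "acct-us": "org", "acct-eu": "org",
    "site-us-web": "acct-us", "site-us-app": "acct-us",
    "site-eu-web": "acct-eu",
}
LEVEL = {"org": "Organization", "acct-us": "Account", "acct-eu": "Account",
         "site-us-web": "Site", "site-us-app": "Site", "site-eu-web": "Site"}

# Constructed assignments: (user, role, node where the role was granted).
ASSIGNMENTS = [
    ("alice", "IAM Admin", "org"),
    ("bob", "Insights User", "org"),
    ("carol", "Insights User", "site-us-web"),
    ("dave", "Site Search User", "acct-us"),
    ("erin", "IAM Admin", "acct-eu"),  # out of scope: IAM Admin is Organization-only
]

def ancestors_and_self(node):
    """Yield the node, then each ancestor up to the Organization."""
    while node is not None:
        yield node
        node = PARENT.get(node)

def effective_roles(user, node, assignments=ASSIGNMENTS):
    """Roles held at `node`: granted there or propagated down from a higher node."""
    chain = set(ancestors_and_self(node))
    return {role for u, role, at in assignments if u == user and at in chain}

def review(assignments=ASSIGNMENTS):
    """Flag IAM Admin grants below the Organization and Organization-wide role grants."""
    findings = []
    for user, role, at in assignments:
        if role == "IAM Admin" and LEVEL[at] != "Organization":
            findings.append(("invalid-scope", user, role, at))
        elif LEVEL[at] == "Organization" and role != "IAM Admin":
            sites = sum(1 for n in LEVEL
                        if LEVEL[n] == "Site" and at in set(ancestors_and_self(n)))
            findings.append(("org-wide-grant", user, role, f"{sites} sites"))
    return findings
```
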
# User Interface
The user management UI allows for user creation, modification, and deletion and contains admin roles to assign and revoke user permissions. Typically, these UI features will be managed by an admin who is either a business user or an IT admin at your organization. The admin will have access to the user management UI and can make changes to users.
The UI allows for the following:
- Creation of new users
- Management of user data
- Resetting of passwords
- Role assignment
- Deletion of users
# Add a New User
1. Navigate to Setup in the left nav
2. Click on User management
3. Click on the Add New User button
4. Fill in the user's information, including e-mail address, and select their site access and roles
5. Click on Add New User to complete the process
## Adding a New User for SSO-enabled clients
Regular user creation from the IAM dashboard will not work for SSO-enabled users, as authentication must be done through your SSO provider.
SSO-enabled users should log in directly through their SSO provider using the steps provided below:
1. Go to the Bloomreach dashboard login page (<https://tools.bloomreach.com>).
2. Type in the SSO client's email and click login.
3. This will take you to your own SSO provider login page. Complete the login here using your SSO credentials.
4. Post login, you’ll be redirected to the Bloomreach dashboard.
On your first login, a new user will be automatically generated and granted default access (as defined during requirement collection for [SSO setup](🔗)). The IAM admin can follow up later and modify the user's access in the IAM dashboard.
# Manage an Existing User
1. Navigate to Setup in the left nav
2. Click on User management
3. Click on the Manage dropdown in the Action column
4. In the dropdown, you will see three choices:
   - Manage User: change or remove assigned roles and site access
   - Resend Invitation Email: reset the password for the user and send a password reset e-mail automatically to the e-mail address listed for that given user
   - Delete User: remove the user completely from access to Discovery. This action is not reversible.
# User Roles
The following user roles are supported in IAM. These are the roles that an IAM admin can assign to Users. You will only see the roles that correspond to the Bloomreach products you have integrated. For example, if you are not integrating Insights and are not an Insights customer, you will not see the "Insights User" role and will not be able to assign this role to anybody.
Role Group | **Role(s)** | Permissions |
- | AlgoControl User | An **`AlgoControl User`** has Read/Write access to the [Dashboard Controls](🔗) feature. |
- | AlgoSegmentation User | An **`AlgoSegmentation User`** has access to the [Real-Time Segments for Discovery](🔗) feature. The user will also receive email notifications for the exposed segmentation. |
**Category Roles** | <li>Category User <li>Category User - Read Only | For the following Discovery apps, a **`Category User`** has Read/Write access and **`Category User - Read Only`** has read-only access.
<details class="table-details">
<summary>Categories</summary>
<p>- All category pages</p>
<p>- Facets</p>
</details>
<details class="table-details">
<summary>Insights</summary>
<p>- Account analytics</p>
<p>- Account overview</p>
<p>- Account API usage</p>
<p>- Category analytics</p>
<p>- Overall performance</p>
<p>- Top categories</p>
<p>- Recommendations analytics</p>
<p>- Just for you</p>
<p>- More like this</p>
</details>
Testing
Merchandising Audience
<details class="table-details">
<summary>Setup</summary>
<p>- brSM global configurations</p>
<p>- Global facet management</p>
<p>- API modifier</p>
<p>- API details</p>
</details> |
**DataConnect Roles** | <li>DataConnect Admin <li>DataConnect User | **`DataConnect Admin`** user has Read/Write permission to view and manage their catalog data via [Catalog Management](🔗).
**`DataConnect User`** has Read/Write permission to view and manage their catalog data via [Catalog Management](🔗). |
**Dev Studio Roles** | <li>Dev Studio User <li>Dev Studio User - Read Only | For the following Discovery apps, a **`Dev Studio User`** has Read/Write access and a **`Dev Studio User - Read Only`** has read-only access.
<details class="table-details">
<summary>Dev Studio</summary>
<p>- Pixel monitor</p>
<p>- Feed</p>
<p>- Status (can click and execute Feed Revert button)</p>
<p>- API explorer</p>
<p>- API details</p>
</details> |
**Dev Studio (Feed Config) Roles** - Only applicable to [Bloomreach Partners](🔗) | <li>Dev Studio (Feed Config) User <li>Dev Studio (Feed Config) User - Read Only | For the following Discovery apps, a **`Dev Studio (Feed Config) User`** has Read/Write access and a **`Dev Studio (Feed Config) User - Read Only`** has read-only access.
<details class="table-details">
<summary>Dev Studio</summary>
<p>- Account information</p>
<p>- Pixel monitor</p>
<p>- Feed</p>
<p>- Configuration</p>
<p>- Status</p>
<p>- Attribute configuration</p>
<p>- API explorer</p>
</details> |
- | IAM Admin | An **`IAM Admin`** has Read/Write access to the following Discovery apps.
<details class="table-details">
<summary>Setup</summary>
<p>- User management</p>
<p>- API details</p>
</details> |
**Insights Roles** | <li>Insights User <li>Insights User - Read Only | For the following Discovery apps, an **`Insights User`** has Read/Write access and an **`Insights User - Read Only`** user has read-only access.
<details class="table-details">
<summary>Insights</summary>
<p>- Opportunities</p>
<p>- Top opportunities</p>
<p>- Improve category navigation</p>
<p>- Improve site search</p>
<p>- Activities</p>
<p>- Playbooks</p>
<p>- Collections</p>
<p>- Product collections</p>
<p>- Category collections</p>
<p>- Page collections</p>
<p>- Query collections</p>
<p>- Brand collections</p>
<p>- Library</p>
<p>- Overview</p>
<p>- Sitewide overview</p>
<p>- Site search overview</p>
<p>- Site search KPIs</p>
<p>- Reporting</p>
<p>- Category page diagnostics</p>
<p>- Product dashboard</p>
<p>- Brand dashboard</p>
<p>- Page dashboard</p>
<p>- Site search diagnostics</p>
</details>
Setup |
**Organic (Thematic) Roles** | <li>Organic (Thematic) User <li>Organic (Thematic) User - Read Only | For the following Discovery apps, an **`Organic (Thematic) User`** has Read/Write access and an **`Organic (Thematic) User - Read Only`** has read-only access.<br>
SEO <br>
<details class="table-details">
<summary>Insights</summary>
<p>- Account analytics</p>
<p>- Account overview</p>
<p>- Account traffic breakdown</p>
<p>- Account API usage</p>
<p>- SEO analytics</p>
<p>- Overall performance</p>
<p>- Incremental</p>
<p>- Generated pages</p>
<p>- Overview</p>
<p>- Top performing pages</p>
<p>- Device traffic</p>
<p>- Overall</p>
<p>- Desktop</p>
<p>- Mobile</p>
<p>- Tablet</p>
</details>
<details class="table-details">
<summary>Setup</summary>
<p>- Global facet management</p>
<p>- API details</p>
</details> |
**Organic (Widgets) Roles** | <li>Organic (Widgets) User <li>Organic (Widgets) User - Read Only | For the following Discovery apps, an **`Organic (Widgets) User`** has Read/Write access and an **`Organic (Widgets) User - Read Only`** has read-only access.<br>
<details class="table-details">
<summary>Insights</summary>
<p>- Account analytics</p>
<p>- Account overview</p>
<p>- Account traffic breakdown</p>
<p>- Account API usage</p>
<p>- SEO analytics</p>
<p>- Overall performance</p>
<p>- Incremental</p>
<p>- Targeted pages</p>
<p>- Overview</p>
<p>- Top performing page</p>
<p>- Device traffic</p>
<p>- Overall</p>
<p>- Desktop</p>
<p>- Mobile</p>
<p>- Tablet</p>
</details> |
**Pathways Roles** | <li>Pathways User <li>Pathways User - Read Only | For the following Discovery apps, a **`Pathways User`** has Read/Write access and a **`Pathways User - Read Only`** has read-only access.<br>
<details class="table-details">
<summary>Search & Merchandising</summary>
<p>- Site Search</p>
<p>- Ranking rules</p>
<p>- Redirects</p>
<p>- Facets</p>
<p>- Autosuggest blacklist</p>
<p>- Synonyms</p>
<p>- Categories</p>
<p>- Ranking rules</p>
<p>- All category pages</p>
<p>- Facets</p>
<p>- Operational tools</p>
<p>- Campaigns & assets</p>
<p>- Campaigns</p>
<p>- Assets</p>
<p>- Ranking Diagnostics</p>
</details>
Pathways & Recommendations<br>
<details class="table-details">
<summary>Insights</summary>
<p>- Account analytics</p>
<p>- Account overview</p>
<p>- Account API usage</p>
<p>- Site search analytics</p>
<p>- Overall performance</p>
<p>- Top keywords</p>
<p>- No revenue keywords</p>
<p>- No search results keywords</p>
<p>- Category analytics</p>
<p>- Overall performance</p>
<p>- Top categories</p>
<p>- Recommendations analytics</p>
<p>- Just for you</p>
<p>- More like this</p>
</details>
Testing <br>
Merchandising Audience<br>
<details class="table-details">
<summary>Setup </summary>
<p>- brSM global configurations</p>
<p>- Global ranking rules</p>
<p>- Global facet management</p>
</details> |
**Site Search Roles** | <li>Site Search User <li>Site Search - Read Only | For the following Discovery apps, a **`Site Search User`** has Read/Write access and a **`Site Search - Read Only`** has read-only access.<br>
<details class="table-details">
<summary>Search & Merchandising</summary>
<p>- Site Search</p>
<p>- Ranking rules</p>
<p>- Redirects</p>
<p>- Facets</p>
<p>- Autosuggest blacklist</p>
<p>- Synonyms</p>
<p>- Operational tools</p>
<p>- Campaigns & assets</p>
<p>- Campaigns</p>
<p>- Assets</p>
<p>- Ranking Diagnostics</p>
</details>
<details class="table-details">
<summary>Insights</summary>
<p>- Account analytics</p>
<p>- Account overview</p>
<p>- Account API usage</p>
<p>- Site search analytics</p>
<p>- Overall performance</p>
<p>- Top keywords</p>
<p>- No revenue keywords</p>
<p>- No search results keywords</p>
<p>- Recommendations analytics</p>
<p>- Just for you</p>
<p>- More like this</p>
</details>
Testing <br>
Merchandising Audience <br>
<details class="table-details">
<summary>Setup</summary>
<p>- brSM global configurations</p>
<p>- Global ranking rules</p>
<p>- Global facet management</p>
<p>- API modifier</p>
<p>- API details</p>
</details> |
- | **Usage Report User** | A **`Usage Report User`** has access to the [Usage Dashboard](🔗) feature. |
## Service Quotas Roles
The following placeholder roles will be part of upcoming feature releases. They currently do not support any functionality:
- Service Quotas Admin
- Service Quotas User
- Service Quotas User - Read Only