The Poggio Enterprise Model

The Poggio Enterprise model offers a hierarchical structure that enables advanced control and management for organizations using multiple workspaces.

Overview

The Poggio Enterprise model offers a hierarchical structure that enables advanced control and management for organizations using multiple workspaces. This model includes features like domain lock, SSO enforcement, and enterprise-wide admin controls, ensuring secure and streamlined access across the organization.

Key Concepts

Workspace

Poggio users build account plans and collaborate in workspaces. The workspace contains a task library, page templates, companies, and custom configuration and content. Users may be members of multiple workspaces, and switch the workspace they are currently viewing using the workspace switcher on the settings page. No user data is shared across workspaces — the Poggio workspace is a hard data boundary within our multi-tenant platform.

Enterprise

A Poggio Enterprise is an overarching scope that encompasses multiple workspaces. It allows administrators to manage global settings and enforce policies across all workspaces within the enterprise. This central control simplifies management and enhances security.

Enterprise Admins in Poggio are granted special permissions to manage enterprise-wide settings. Key attributes of Enterprise Admins include:

  • Exemption from enterprise-level controls, allowing them to use alternative login methods even if SSO is enforced.

  • Ability to promote other members to Enterprise Admins, which automatically enrolls them in all enterprise-enabled workspaces.

  • Necessity of having at least one Enterprise Admin per enterprise, with the first admin being appointed by Poggio.

Enterprise Controls

Poggio provides two main enterprise controls:

  1. Enforce SSO Login: This control ensures all members of enterprise-enabled workspaces use SSO for logging in, disallowing other login methods and preventing members from joining non-enterprise workspaces. Enabling this will clear external workspace memberships.

  2. Allow External Members: This control allows external users (e.g., user@externaldomain.com) to join enterprise-enabled workspaces. Disabling this will remove all external members and enforce a hard block on external domains for invites. Domain lock settings will only be editable if this control is enabled.

By default, "Enforce SSO Login" is off and "Allow External Members" is on, meaning an enterprise-enabled workspace operates similarly to a normal Poggio workspace, but with the added option of SSO login.

Domain Lock

Poggio workspaces feature a domain lock on invites by default. This means that shareable invitation links are restricted to the workspace domain. Workspace members can add additional allowed domains or enable full open access if needed.

SSO (Single Sign-On)

Poggio supports SAML 2.0 for SSO, providing a seamless and secure login experience. Key aspects of SSO in Poggio include:

  • SAML configurations must be associated with a verified domain, which is confirmed through a TXT DNS record.

  • Each SAML configuration is tied to a specific domain, and workspaces can have multiple SAML configurations.

  • Default Workspace: A default workspace is designated for each SAML configuration. New users signing up through SSO are automatically assigned to this default workspace. Multiple SAML configurations can share the same default workspace, allowing users from different email domains to join the same workspace.

Enterprise-Enabled Workspaces

A workspace becomes enterprise-enabled when it is associated with a SAML configuration. These workspaces can support multiple SAML configurations and share default workspaces.

Conclusion

The Poggio Enterprise model is designed to provide robust and flexible management for organizations with multiple workspaces. With enterprise controls, SSO integration, and centralized admin privileges, enterprises can ensure secure and efficient operation across all their Poggio workspaces.

Last updated