News

Limit what can be seen

Since the complete overhaul of our cloud control panel, cloud resources can be used for several different projects. Access rights for these projects can be granted either for whole teams or for individual organization members. However, as is usually the case in companies, there is a certain degree of transparency for employees, which means that all organization members can see which other members, teams and projects are in their organization, even if they themselves are not part of the team or project in question.

This transparency may not be desired when cooperating with external persons. You can now, therefore, invite external persons to join your organization as "external collaborators", which ensures that they will have no insight into the internal structure of your organization. Managing your projects is as easy as it was: you can add external collaborators to your teams or grant them direct read or change access to the desired projects. External collaborators can then only see the projects they are actually authorized to see and have no access to details that refer to other activities or relationships. Irrespective of whether you would like to work with customers or service providers, the external collaborators feature will enable you to achieve the correct degree of transparency in every scenario.

Use tried-and-tested concepts

For maximum security we recommend that you work with personal accounts and do not allow several persons to share login credentials. At the same time, this will ensure that you can use the project logs to trace who performed a certain action if required. You can now also invite external partners to create a personal account at cloudscale.ch and send them an invite link that will allow them to join your organization as external collaborators. If any of your external partners uses an "OpenID Connect"-compatible identity provider and would like to benefit from single sign-on at cloudscale.ch as well, our support team will be happy to help.

Granting read and change access to your projects and adding external collaborators to teams follows the same principles as for organization members. External collaborators do not, however, have access to projects where you have selected "Grant access to all members of the organization". Instead, in order to grant selected external collaborators access to a project, you need to use the option of teams or individual access.

Incidentally, it goes without saying that just as for members of your organization, personal accounts are free of charge for external collaborators. They are, however, free to use cloud services separately from your organization at their own cost.

A few tips

Many companies have internal security guidelines, many of which explicitly require the use of two-factor authentication (2FA). In our control panel, you will therefore not only see the 2FA status for members, but also for the external collaborators in your organization. Any changes to this are also documented in the organization log. As opposed to for members of the organization, all other account-related actions of an external collaborator (e.g. logging in/out, changing the account password) are not included in the organization log.

The details of your organization are basically not visible to external collaborators. As soon as you grant access to a project, this also grants access to the corresponding project log, i.e. information about changes to the project and their initiators. This ensures that external collaborators can actually perform their assigned tasks (e.g. project monitoring or reconstructing a technical problem). External collaborators also see the stored email addresses of your organization (main email address and billing email address, if specified) and can select these as the sender's address for support tickets.

As a concept, external collaborators are predominantly in line with organization members, which means they can be effortlessly integrated into your existing access scheme. The small difference in the detail, however, opens up completely new areas of application: you can now also involve your customers or external specialists in the management of your cloud resources without them finding out about each other or about your internal matters. This means that committed cooperation on your cloud projects can be structured more efficiently than ever.

Better together,
Your cloudscale.ch team