Introduction to Teams¶
The nRF Cloud Teams feature lets you set up teams of users who can interact with the team's devices, with different access levels for individual users.
Concepts¶
| Term | Definition |
|---|---|
| User | A person with an account on the nRF Cloud portal. Each account is unique to a particular email. A person might create different accounts with different emails, but each account is considered a different user. |
| Account | The configuration settings for an nRF Cloud user, such as their password, team associations, and team-specific permissions. |
| Team | Contains a set of user accounts and a set of devices. A user can be a member of multiple teams, with different permissions for each team. A device cannot be a member of more than one team. |
| Team member | A user acting within a specific team. A team member has a role for a given team that is independent of their roles in other teams. |
| Role | A team member is assigned a role for a team, such as owner, admin, editor, or viewer. |
| Device group | A named set of devices. A team member can also be associated with a device group, which limits the devices they can access. |
| Device tag | A property associated with a device, which determines the groups the device belong to. |
| Permissions | A team member's assigned device groups and role, which defines what they can do with which devices. |
| API key | A unique identifier provided for a team member, allowing them to access the devices in that team using the nRF Cloud REST API, subject to their permissions for that team. |
See also the device organization page.
Team ID¶
Your Team ID can be found on your Teams page on the nRF Cloud portal. You need to know your Team ID to use the MQTT API.
Note
The Team ID is referred to as the tenant ID in the response of a call to the FetchAccountInfo endpoint and some other endpoints.
Team type¶
The team owner must select whether the teams associated with their account are for personal or business use.
You can do this from your User Account page by editing your profile, or when you upgrade your first team to Pro or Enterprise.
Caution
Do not use the same account for both personal and business teams. If you need both personal and business teams, use separate accounts for each type.
The billing address you specify in your account information applies to all teams you create with that account. Changing the billing address for one team changes it for all teams in your account.
Having both business and personal teams on the same account or changing your billing address can result in billing errors.
Roles¶
A team member has one role. If you are a member of multiple teams, you can have a different role for each team. When you are invited to a team, the invitation mail states your role and permissions.
The role defines what you can do within that team.
Owner¶
The team owner can perform all other roles' actions. The following actions are only available to the team owner:
- Remove any team members.
- Transfer ownership of the team to an admin.
- Invite users to a team by email address.
- Generate evaluation tokens.
- Cancel an invitation you created before the invitee accepts.
- Modify team information, such as the name.
-
Delete a team.
- All associated devices and user relationships are deleted, and any outstanding invitations are rejected.
Caution
If the owner of a team leaves without transferring ownership first, the entire team, its users, and its associated devices are also deleted.
These devices must be onboarded again to use nRF Cloud services.
Admin¶
In an admin role, you can perform all editor actions, as well as the following:
- Remove any other team member (including yourself), except the owner.
- Change any other team member's role (including yourself), except the owner.
- Change a team member's assigned device groups.
- Accept an invitation to transfer ownership of a team.
- Add, change, and delete device groups assigned to a device.
- Update firmware on a device.
- Manage IMEIs.
Editor¶
In an editor role, you can do the following:
- View device information.
- Regenerate your own nRF Cloud REST API key for a team you are on.
- Generate a device certificate and use it to onboard a device.
- Add, remove, and perform actions on devices, such as:
- Perform a scan with a Bluetooth® gateway.
- Rename a device.
- Attach an image to the device as shown in the list of devices.
- Interact with a device to change its characteristic values, such as enabling sensor output or changing the light pattern.
- Add and remove SIM cards.
- Add and remove Bluetooth gateways.
Viewer¶
In a viewer role, you can do the following:
- View device information.
- Regenerate your own nRF Cloud REST API key for a team you are on.
nRF Cloud REST API access by role¶
Each team member is provided an API key that grants them permissions to use the nRF Cloud REST API for devices in that team.
Device access using the nRF Cloud REST API is restricted by the API call and the team member's role:
| nRF Cloud REST API | Owner | Admin | Editor | Viewer |
|---|---|---|---|---|
| Account information | ✔ | ✔ | ✔ | ✔ |
| Account certificates | ✔ | ✔ | ||
| API usage information | ✔ | ✔ | ✔ | ✔ |
| Devices (all types): | ||||
> ListDevices request |
✔ | ✔ | ✔ | ✔ |
> FetchDevice request |
✔ | ✔ | ✔ | ✔ |
| > All other requests in this section | ✔ | ✔ | ✔ | |
| Devices (Gateway) | ✔ | ✔ | ✔ | |
| Devices (Bluetooth LE) | ✔ | ✔ | ✔ | |
| Devices (IP/LTE) | ✔ | ✔ | ✔ | |
| Device firmware updates (FOTA) | ✔ | ✔ | ||
| Bulk operation status | ✔ | ✔ | ✔ | ✔ |
| Location Services | ✔ | ✔ | ✔ | ✔ |
| Messages: | ||||
> ListMessages |
✔ | ✔ | ✔ | ✔ |
> SendDeviceMessage |
✔ | ✔ | ✔ | |
| Evaluation token: | ||||
| Generate token | ✔ | |||
| View token | ✔ | ✔ | ✔ | ✔ |
| Get REST API specification through /openapi.json endpoint | ✔ | ✔ | ✔ | ✔ |
| IMEI management | ✔ | ✔ |
You can manage teams through the nRF Cloud portal. See Working with Teams.