IAM | Global Rollout

docs/_sidebar.md

@@ -25,7 +25,9 @@
   - [Window Events](window/events.md "Botcopy Docs | Window Events")
   - [Window Methods](window/methods.md "Botcopy Docs | Window Methods")
 - WCAG 2.1
-
   - [Compliance](wcag/focus-trap.md "Botcopy Docs | Focus Trap")
-
-  <footer id="mb-footer"></footer>
+- IAM
+  - [Overview](iam/overview.md "Botcopy Docs | Overview")
+  - [Users Page](iam/users.md "Botcopy Docs | Users Page")
+  - [Roles Page](iam/roles.md "Botcopy Docs | Roles Page")
+<footer id="mb-footer"></footer>

docs/iam/overview.md

@@ -0,0 +1,18 @@
+## IAM Overview
+
+The IAM application is used to manage user roles, delete users, and invite new users to an organization. The IAM application can be found [here](https://iam.botcopy.com).
+
+### Roles
+
+| **Role Name**     | **Description** |
+| ----------------- | --------------------------------------------------------------------------------------------------------------- |
+| `PORTAL_ADMIN`    | Portal administrator role, full access to all portal features.                                                  |
+| `PORTAL_DEV`      | Portal developer role, access to most portal features with some exceptions.                                     |
+| `PORTAL_MARKETER` | Portal marketer role, access to some portal features. For users that only need permission to edit bot branding. |
+| `PORTAL_BILLING`  | Portal billing role, access to some portal features. For users that only need access to billing.                |
+
+More granular roles are planned for release in the future.
+
+### Access
+
+All users in an organization have access to the IAM application. However, only users with the `PORTAL_ADMIN` role will be able to edit roles, delete users, and invite new users. `PORTAL_ADMINS` cannot edit their own access or delete themselves from an organization, that needs to be done by another `PORTAL_ADMIN`.

docs/iam/roles.md

@@ -0,0 +1,7 @@
+## IAM Roles Page
+
+The "Roles" page groups roles with the users that are assigned to that role into a table. In addition to displaying roles and the users assigned to them, this page will allow you to update users assigned to a given role. 
+
+### Updating Role Assignments
+
+To update the users assigned to a role, click the three-dot menu in that row and select “Edit Users” from the menu. All users in the organization appear in the modal. If you remove the only role a user has, you will be directed to delete the user instead. An update that removes the only role a user has will not be applied.

docs/iam/users.md

@@ -0,0 +1,22 @@
+## IAM Users Page
+
+The "Users" provides the ability to grant access to new users, delete users, and edit their role assignments. The current users in an organization are displayed in a table along with their current role assignments and the date of their last sign-in to Portal.
+
+### Granting Access
+
+Click the "Grant Access" button to open a modal where users can be invited and assigned an initial role. Users that are eligible to be invited to an organization:
+
+- valid and active email address
+    - **Note:** email addresses are not validated for activity by the IAM app
+- users that have never been invited to any organization
+- users that were deleted from another organization
+
+Upon clicking the “Grant” button, the invited email addresses will receive an email that contains a link to Portal. Invitation emails no longer expire. Once a user has been added via the "Grant Access" functionality they have access to the organization right away. 
+
+### Deleting Users
+
+To delete a user from an organization, click the three-dot menu on the user's row and select “Delete User” from the menu that appears. A modal will open to confirm the deletion. Once a user is deleted, they are eligible to be invited to another organization.
+
+### Editing User Roles
+
+To update roles for a user, click the three dot button on the row and select “Edit Roles” from the menu that appears. A modal will open that shows that users current roles. All active users must have at least one role, so the “Confirm” button will be disabled if no checkboxes are selected.