Enclave Membership User Guide
Enclaves have members. The members must belong to one of the organizations in the Enclave.
Organizations
An Enclave has, at a minimum:
- an organization that handles the connected-to (AKA access) role in the Enclave; and
- an organization that handles the owner role in the Enclave.
The connected-to/access role/function controls the Enclave's network and who can access it.
The owner role/function controls the Desktops in the Enclave that are used to connect to the network.
Most of the time the same organization handles both of these roles, and it is referred to as the owner+connected organization.
If these responsibilities are divided between two organizations, the organization with the owner role is referred to as the user-owner organization and the organization with the connected-to/access role is referred to as the connected-only organization.
These organization roles/functions are determined during Enclave creation. (See the Getting started with Tehama Enclave Creation guide for how to create an Enclave.)
Additionally, an Enclave can have any number of user (third-party) organizations joined to it. These organizations can be added to the Enclave at any time after it has been created.
All of these organizations can add, or propose, members from their own organizations as members of the Enclave.
The Enclaves User Guide provides an overview of the roles an organization can have in an Enclave. See the section 'Org Roles and Responsibilities in an Enclave' in the guide.
The Roles User Guide provides an overview of the responsibilities of the manager roles in Enclaves, broken down by the roles/functions of an organization in an Enclave. See the section 'User Management Roles vis-a-vis Org Functions/Roles in an Enclave' in the guide.
Members
The Enclave membership is drawn from users in the Enclave's organizations.
Enclave membership is defined as the right to access the Enclave and use its features.
With a few exceptions (see below), an Enclave is accessible only by members of the Enclave. The majority of Enclave members will be Staff members of their organizations.
A typical Enclave member will access an Enclave primarily to connect to their assigned Desktops in the Enclave.
The exceptions mentioned above include Org Admin users and Org Managers of organizations with a role in the Enclave, but who are not necessarily members of the Enclave. These users can access the Enclave to provide Enclave/Desktop connectivity management/configuration. (See the 'Enclave/Desktop Connectivity - Types, Status and Settings' guide for more information.)
Enclave Managers who are members of the Enclave enjoy the same Enclave/Desktop connectivity management/configuration privileges that Org Managers do, but only within Enclaves for which they are members.
The Enclave's membership can be viewed/managed through the Enclave's MEMBERS tab.
Access list of Enclave members
Org Admin users and Org Managers of organizations that have a stake in the Enclave, Enclave Managers (who are members of the Enclave), and all members of the Enclave can view the list of members in the Enclave.
Users with these roles from user (third-party) organizations in the Enclave can only see members from their own organization.
Check the description of your custom role, to see if you can access the list of Enclave members.
View the list of members in an Enclave, the users who can access/use the Enclave, as follows:
- Log in to the Tehama Web UI.
- Click on the ENCLAVES tab.
- Click on the name of the Enclave you want to access. You will see the user interface for the Enclave. The Enclave tabs you will see depend on the role you have within your organization.
- Click on the Enclave's MEMBERS tab. You will see the list of organizations with access to the Enclave. (Members of user (third-party) organizations in the Enclave will only see their own organization.)
- To the left of an organization name, click the drop-down arrow icon. You will see the list of members in the Enclave from this organization.
The Enclave's owner organization is identified by an icon under its name.
The Enclave's connected organization is identified by an icon under its name.
If you see the icon for automatic approval next to an organization name, membership requests from that organization are automatically approved.
You will see the name of the policy assigned to each organization in the Enclave adjacent to the organization name, prefaced by "Conditions of use:". The default policy is 'No policy'. (See the Policies (Conditions of Use for Enclaves) User Guide for information on creating, managing and assigning policies.)
The list of Enclave members under each organization displays the following information for each member:
- Name: the name of the member (preceded by the avatar for that member)
- Role: the role of the member (Staff, Enclave Manager, Org Manager or Org Admin)
- Desktops Assigned: the number of Desktop templates the member is assigned to
- Status: the status of the member (e.g.: Active, Pending or Policy Violation)
Each member entry in the list shows the Desktop templates in the Enclave that the member is assigned to (under the Desktops Assigned column). If there is more than one Desktop template assigned to the member in the Enclave, just the number of Desktop templates is shown - click on the tooltip beside the number to see their names, up to the first five.
View Enclaves a user has access to
All members of an organization, except for Staff, can view a list of the Enclaves each member in their organization has access to from the MEMBERS tab for the organization. Check the description of your custom role, to see if you can perform this action.
View the Enclaves that a member can access/use from the organization's MEMBERS tab as follows:
- Log in to the Tehama Web UI.
- Click on the MEMBERS tab.
- Select the "All Members" option in the team-selector field.
This provides a list of all the members in your organization.
Each member entry in the list shows the Enclaves that the member belongs to, under the Enclaves Assigned column. If the member has access to more than one Enclave, just the number of Enclaves is shown - click on the tooltip beside the number to see their names, up to the first five.
Add Enclave members
Only the Org Admin user and Org Managers and Enclave Managers (who are members of the Enclave) of an Enclave's connected organization (owner+connected or connected-only) can directly add members to the Enclave - and only users from their own organization. Check the description of your custom role, to see if you can perform this action.
Add members from your own organization to the Enclave, or invite a new member to join your own organization as well as add them to the Enclave, as follows:
Either:
Follow the procedure to Assign members to one or more Enclaves in the Organization User Guide.
Or:
- Access the Enclave's members tab.
- Next, either:
  - Click on the ADD button in the top right corner of the page and select Member from the drop-down.
  Or:
  - Expand your organization in the list and click the + MEMBER button to the right of the organization name.
  The ADD dialog will appear.
- Then, either:
  - Add an existing member of the organization to the Enclave:
    - In the ADD dialog, select either "Members" or "Teams".
    - Select the members or teams that you wish to add.
    - Click ADD.
  Or:
  - Invite a new member to join the organization and add them to the Enclave:
    - In the ADD dialog, select "Invite New Member". The ADD NEW MEMBER dialog will appear.
    - Enter the member information into the dialog:
      - Name
      - Email Address
      - Role (Org Admin and Org Manager users can create Staff, Org Manager or Enclave Manager users. Enclave Manager users can create Staff or Enclave Manager users.)
      - Enclave (This has been pre-filled with the name of the Enclave)
        Note: You can, from the MEMBERS tab in the navigation bar, assign additional Enclaves after the member is created, or you can add the member to the Enclave directly from the interface for that Enclave (first ensuring the organization has access to the Enclave, of course.)
      - Team (Select a team or leave this blank)
    - If you wish this dialog to be automatically redisplayed after inviting this member, so you can add another member, click to place a checkmark in the Send and invite another checkbox.
    - Click INVITE.
    The new user will be sent an email invitation to create a user account in Tehama and then added as a member to your organization, and also added as a member in the Enclave. Until the user accepts the invitation you will see their status as 'Pending'. You can resend the invitation to the user from the user's entry in the list of members on the MEMBERS tab in the navigation bar.
Propose Enclave members
Only the Org Admin users and Org Managers and Enclave Managers (who are members of the Enclave) of an Enclave's non-connected organizations (user+owner and user-only) can propose Enclave membership in the Enclave for users in their own organizations (including themselves). Check the description of your custom role, to see if you can perform this action.
Propose membership in the Enclave for a team or member in your own organization, or invite a new member to join your own organization as well as propose membership in the Enclave for them, as follows:
Either:
Follow the procedure to Assign members to one or more Enclaves in the Organization User Guide.
Or:
- Access the Enclave's members tab.
- Next, either:
  - Click on the PROPOSE button in the top right corner of the page and select Member from the drop-down.
  Or:
  - Expand your organization in the list and click the + PROPOSE button to the right of the organization name.
  The PROPOSE TEAM MEMBER dialog will appear.
- Then, either:
  - Propose membership in the Enclave for an existing member of the organization:
    - In the PROPOSE TEAM MEMBER dialog, select either "Members" or "Teams".
    - Select the members or teams that you wish to add.
    - Click ADD.
  Or:
  - Invite a new member to join the organization and propose membership in the Enclave for them:
    - In the PROPOSE TEAM MEMBER dialog, select "Invite New Member". The ADD NEW MEMBER dialog will appear.
    - Enter the member information into the dialog:
      - Name
      - Email Address
      - Role (Org Admin and Org Manager users can create Staff, Org Manager or Enclave Manager users. Enclave Manager users can create Staff or Enclave Manager users.)
      - Enclave (This has been pre-filled with the name of the Enclave)
        Note: You can, from the MEMBERS tab in the navigation bar, assign additional Enclaves after the member is created, or you can propose Enclave membership directly from the interface for that Enclave (first ensuring the organization has access to the Enclave, of course.)
      - Team (Select a team or leave this blank)
    - If you wish this dialog to be automatically redisplayed after inviting this member, so you can add another member, click to place a checkmark in the Send and invite another checkbox.
    - Click INVITE.
    The new user will be sent an email invitation to create a user account in Tehama and then added as a member to your organization, and also proposed as a member in the Enclave. Until the user accepts the invitation you will see their status as 'Pending'. You can resend the invitation to the user from the user's entry in the list of members on the MEMBERS tab in the navigation bar.
These proposals/requests are approved by the connected organization, unless it has enabled automatic approvals for your organization.
Remove Enclave access for users
The Org Admin users and Org Managers and Enclave Managers (who are members of the Enclave) of an Enclave's non-connected organizations (user+owner and user+only) can remove Enclave membership of members in the Enclave that are users of their own organizations.
The Org Admin user and Org Managers and Enclave Managers (who are members of the Enclave) of an Enclave's connected organization (owner+connected or connected-only) can remove Enclave membership of any members in the Enclave, regardless of which organization they belong to.
Check the description of your custom role, to see if you can perform this action.
WARNING: Removing your member's access will delete the member's individual Desktops and any of their shared Desktops that have no other users and revoke their access to the Enclave.
Remove the access to the Enclave for a member in your own organization as follows:
- Access the Enclave's members tab.
- Locate the organization name (for the organization to which the member belongs).
- Expand that organization (click on the down arrow beside the organization name).
- Click on the three vertical dots under the Actions column in the member's row, then select 'Remove Enclave access'. You will see the REMOVE dialog. It lists the name of the member (or members if more than one member entry is selected) and the names of the Desktops to be deleted when the member is removed.
- Click to place a checkmark in the checkbox beside the following text:
  "I understand that the members listed above will be removed from the Enclave and will be removed from all desktops that they are currently a member of. Desktops with no remaining users will be permanently deleted."
- Click the REMOVE button to proceed.
Bulk Removals:
Remove access for multiple users in your own organization (pending or active) at the same time as follows:
- Access the Enclave's members tab.
- Locate the organization name (for the organization to which the member belongs).
- Expand that organization (click on the down arrow beside the organization name).
- Select the members by clicking in the checkboxes to the left of their name(s).
- Click the trash can icon found at the bottom of the page. You will see the REMOVE dialog. The selected members' names will be listed on the dialog.
- Click to place a checkmark in the checkbox beside the following text:
  "I understand that the members listed above will be removed from the Enclave and will be removed from all desktops that they are currently a member of. Desktops with no remaining users will be permanently deleted."
- Click the REMOVE button to proceed.
Reject Enclave access for users
The Org Admin users and Org Managers and Enclave Managers (who are members of the Enclave) of an Enclave's non-connected organizations (user+owner and user+only) can reject Enclave membership of members that are users in their own organizations.
The Org Admin user and Org Managers and Enclave Managers (who are members of the Enclave) of the Enclave's connected organization (owner+connected or connected-only) can reject Enclave membership of any members in the Enclave, regardless of which organization they belong to.
Check the description of your custom role, to see if you can perform this action.
WARNING: Rejecting a user's access will revoke their access to the Enclave and to their individual Desktops and to any of their shared Desktops, but does not delete the actual Desktop instances nor remove them from the Desktop template list under the Enclave's CONFIGURE tab.
Reject access to the Enclave for a member in your organization as follows:
- Access the Enclave's members tab.
- Locate the organization name (for the organization to which the member belongs).
- Expand that organization (click on the down arrow beside the organization name).
- Click on the three vertical dots under the Actions column in the row for the member, then select 'Reject Enclave access'. You will see a REJECT dialog.
- Click to place a checkmark beside "I acknowledge" after reading the following text:
  "The selected member(s), once rejected, will have restricted access to the Enclave. They will no longer be able to access certain resources such as their Desktop(s) or the file vault."
- Click the REJECT button to proceed.
Bulk Rejections:
Reject access to the Enclave for multiple users in your organization at the same time as follows:
- Access the Enclave's members tab.
- Locate the organization name (for the organization to which the member belongs).
- Expand that organization (click on the down arrow beside the organization name).
- Select the members by clicking in the checkbox to the left of their names.
- Click the reject icon found at the bottom of the page. You will see a REJECT dialog.
- Click to place a checkmark in the checkbox beside the following text:
  "I understand that the members listed above will be deleted from the Enclave and will be removed from all desktops that they are currently a member of. Desktops with no remaining users will be permanently deleted."
- Click the REJECT button to proceed.
Invite organizations to join an Enclave
Only the Org Admin user and Org Managers and Enclave Managers (who are members of the Enclave) of an Enclave's connected organization (owner+connected or connected-only) can invite other organizations to join the Enclave. Check the description of your custom role, to see if you can perform this action.
Note, this is distinct from an Enclave's owner organization inviting another organization to connect to the Enclave. See the Create an Enclave and invite another organization to connect to it section in the Enclaves User Guide.
It is not possible to invite another organization to join an Enclave that has Domain Join enabled. See the Enclave Domain Join User Guide for a description of the feature.
You can invite another organization to join your Enclave as follows:
- Access the Enclave's members tab.
- Either:
  - click on the ADD button in the top right corner of the page and select Organization from the drop-down; or
  - click ADD ORGANIZATION at the bottom of the list of organizations.
  You will see the ADD ORGANIZATION dialog.
- Specify an organization. Either:
  - select one of the organizations listed in the dropdown,
    The organizations found in the list are those that have accepted invitations to other Enclaves in your organization, or that have invited your organization to their Enclaves (and you have accepted those invitations). Tehama does not expose organization names of organizations that have not introduced themselves in this way.
    then proceed to:
    - Select a policy as the "conditions of use" for the organization.
      Be aware that members of the organization who are members of the Enclave must accept the policy in the Enclave, in order to work in the Enclave. See sections "Assign a policy/condition-of-use to an organization in a Enclave" and "Accept a policy/condition-of-use for an organization in a Enclave" in the Policies (Conditions of Use for Enclaves) User Guide for more information.
    - Click INVITE. You will see an entry for the organization in the list. The organization will receive a notification that they have been added to your Enclave.
  - or select the 'Invite a new organization' option in the dropdown,
    The organization you invite may already have an account in Tehama. When they receive your invitation, they may opt to connect to your Enclave with that organization account, or to create a new organization account.
    then proceed to:
    - Select a policy as the "conditions of use" for the organization.
      Be aware that members of the organization who are members of the Enclave must accept the policy in the Enclave, in order to work in the Enclave. See sections "Assign a policy/condition-of-use to an organization in a Enclave" and "Accept a policy/condition-of-use for an organization in a Enclave" in the Policies (Conditions of Use for Enclaves) User Guide for more information.
    - Click NEXT. You will see the ADD NEW ORGANIZATION dialog.
    - Enter the name of the organization, the name of your contact in that organization and the email for that contact.
    - Click INVITE. You will see an entry for the organization in the list. The contact for the organization will receive an email inviting them to connect to your Enclave. They must click on the link in the email and follow instructions for joining Tehama. If necessary, you can resend the email by clicking on the Resend invitation link found next to the organization name.
Note:
The list of organizations you see in the ADD ORGANIZATION dialog is a subset of existing Tehama organizations. This subset is composed of organizations that already have access to other Enclaves in your organization. These organizations are considered to be 'authorized' by your organization.
If you wish to grant access to an existing organization that is not already authorized by your organization, select the option in the dialog to invite a new organization. The contact that you specify can choose to connect to your Enclave using their existing organization, or create a new one.
If you wish to grant access to a company that does not have a Tehama organization yet, select the option in the dialog to invite a new organization. The contact that you specify will create a new Tehama organization for their company.
Enable/disable auto-approvals for an organization
Only the Org Admin user and Org Managers and Enclave Managers (who are members of the Enclave) of an Enclave's connected organization (owner+connected or connected-only) can enable or disable auto-approvals for an organization in the Enclave. Check the description of your custom role, to see if you can perform this action.
If you see the icon for automatic approval next to an organization name, that means that requests from that organization are automatically approved. To enable or disable auto-approvals, do the following:
- Access the Enclave's members tab.
- Locate the organization name. The policy will be visible adjacent to the organization name, prefaced by "Conditions of use:".
- Click on the policy name found adjacent to the organization name. You will see the ASSIGN CONDITIONS TO ENCLAVE dialog.
- Toggle the Auto approve proposed members field as desired.
- Click the ASSIGN button.
Approve Enclave access requests
Only the Org Admin user and Org Managers and Enclave Managers (who are members of the Enclave) of an Enclave's connected organization (owner+connected or connected-only) can approve requests for membership in the Enclave. Check the description of your custom role, to see if you can perform this action.
Approve a request for access from an organization you've invited as follows:
- Access the Enclave's members tab.
- Locate the organization name (for the organization making the request).
- Expand that organization (click on the down arrow beside the organization name).
- Click on the three vertical dots under the Actions column in the row for the proposed member, then select 'Approve Enclave access'.
Bulk Approvals (for requests within one organization):
Approve requests for access for multiple users at the same time as follows:
- Access the Enclave's members tab.
- Locate the organization name of the organization making the request(s).
- Expand that organization (click on the down arrow beside the organization name).
- Select the proposed members by clicking in the checkbox to the left of their name(s).
- Click the checkmark icon found at the bottom of the page.
Deny/Delete Enclave access requests
Only the Org Admin user and Org Managers and Enclave Managers (who are members of the Enclave) of an Enclave's connected organization (owner+connected or connected-only) can deny a pending request for membership in the Enclave. Check the description of your custom role, to see if you can perform this action.
WARNING: Removing (deleting) a member's access will delete the member's individual Desktops and any of their shared Desktops that have no other users and revoke their access to the Enclave. (Note that even a pending Enclave member may have been assigned Desktops.)
Deny/Delete a request for access from an organization you've invited as follows:
- Access the Enclave's members tab.
- Locate the organization name (for the organization making the request).
- Expand that organization (click on the down arrow beside the organization name).
- Click on the three vertical dots under the Actions column in the row for the proposed member then select 'Delete Enclave access'. You will see the DELETE dialog. The member's name will be listed on the dialog.
- Click to place a checkmark in the checkbox beside the following text:
  "I understand that the members listed above will be deleted from the Enclave and will be removed from all desktops that they are currently a member of. Desktops with no remaining users will be permanently deleted."
- Click DELETE.
Bulk Denials/Deletions (for requests within one organization):
Deny/Delete requests for access for multiple users at the same time as follows:
- Access the Enclave's members tab.
- Locate the organization name of the organization making the request(s).
- Expand that organization (click on the down arrow beside the organization name).
- Select the proposed members by clicking in the checkboxes to the left of their name(s).
- Click the trash can icon found at the bottom of the page. You will see the DELETE dialog. The selected members' names will be listed on the dialog.
- Click to place a checkmark in the checkbox beside the following text:
  "I understand that the members listed above will be deleted from the Enclave and will be removed from all desktops that they are currently a member of. Desktops with no remaining users will be permanently deleted."
- Click DELETE.
Assign members to Desktop Template
The Org Admin user and Org Managers and Enclave Managers (who are members of the Enclave) of the Enclave's owner organization can assign members in the organization to a Desktop Template from the Enclave's members tab in the Tehama Web UI. Check the description of your custom role, to see if you can perform this action.
- Access the Enclave's members tab.
- Locate the organization name(s) of the organization(s) that contain the members to whom you wish to assign a Desktop.
- Expand the organization(s) (click on the down arrow beside each organization name).
- Select the members by clicking in the checkbox to the left of their name(s). You will see an icon with the text ASSIGN DESKTOP at the bottom of the page.
- Click the icon beside ASSIGN DESKTOP at the bottom of the page. The ADD DESKTOP TEMPLATE dialog will appear.
- Select the operating system for the Desktop to be assigned to the selected members from the Operating System dropdown.
- Click CONTINUE. If you are assigning a desktop template, the SELECT DESKTOP TEMPLATE dialog will appear.
- Choose one of the following paths:
  EITHER:
  Edit the members assigned to an existing Desktop template. (only available when adding a Desktop template)
  - Select an existing Desktop template from the Desktop Template dropdown. (For Linux, only multi-user Desktop templates can have their list of members edited.)
  - Click NEXT. The ASSIGN WINDOWS/LINUX DESKTOP TEMPLATE dialog will appear.
  - Verify that the Users field has the selected members added to it.
  - Click SAVE.
  OR:
  Add a completely new Desktop template.
  - Scroll to the end of the list and select "Create New Windows Desktop Template" or "Create New Linux Desktop Template" from the Desktop Template dropdown.
  - Click NEXT. One of the following dialogs will appear, depending on the type (Windows-based or Linux-based) of Desktop you wish to create and your organization's role in the Enclave and your role in your organization:
    - the ADD WINDOWS DESKTOP TEMPLATE (for Windows-based Desktops)
    - the ADD LINUX DESKTOP TEMPLATE (for Linux-based Desktops)
See instructions to Add a Desktop Template. Scroll to the appearance of this dialog in the instructions for the type of Desktop you wish to add and continue from there.
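The role rules stated across the sections above (who may add, propose, approve, deny, remove, reject and assign Desktops), collected into one deny-by-default check that can be used when reviewing Enclave access. This is an added example, not Tehama code or a Tehama API: the class and function names, the organization and user names, and the reading that Enclave Managers need an Active membership while Org Admins and Org Managers do not are assumptions, and custom roles are not modelled.

```python
"""Added example: a model of this guide's role rules. Not Tehama code or a Tehama API."""
from dataclasses import dataclass, field

# Actions only the connected organization's managers may perform.
CONNECTED_ONLY = {"approve", "deny", "invite_org", "set_auto_approve"}

@dataclass
class Enclave:
    owner_org: str
    connected_org: str                               # equals owner_org for owner+connected
    user_orgs: set = field(default_factory=set)      # joined user (third-party) organizations
    auto_approve: set = field(default_factory=set)   # orgs whose proposals skip review
    members: dict = field(default_factory=dict)      # user name -> (org, status)

    def orgs(self):
        return {self.owner_org, self.connected_org} | self.user_orgs

@dataclass(frozen=True)
class Actor:
    name: str
    org: str
    role: str   # Staff, Enclave Manager, Org Manager or Org Admin

def is_manager(enclave, actor):
    """Org Admins/Org Managers need not be Enclave members; Enclave Managers must be.
    Assumption: 'member' here means a membership whose status is Active."""
    if actor.org not in enclave.orgs():
        return False
    if actor.role in ("Org Admin", "Org Manager"):
        return True
    return (actor.role == "Enclave Manager"
            and enclave.members.get(actor.name) == (actor.org, "Active"))

def allowed(enclave, actor, action, target_org=None):
    """Return True if the guide's rules let `actor` perform `action` on `target_org`."""
    if not is_manager(enclave, actor):
        return False
    connected = actor.org == enclave.connected_org
    own = target_org == actor.org
    if action in CONNECTED_ONLY:
        return connected
    if action == "add":                    # direct add: connected org, own users only
        return connected and own
    if action == "propose":                # non-connected orgs propose their own users
        return not connected and own
    if action in ("remove", "reject"):     # connected org: anyone; others: own users
        return connected or own
    if action == "assign_desktop":         # owner organization's managers
        return actor.org == enclave.owner_org
    return False                           # unknown action: deny by default

def request_membership(enclave, actor, user):
    """Add or propose `user` (an existing user of actor's org); return the resulting status."""
    if allowed(enclave, actor, "add", actor.org):
        status = "Active"
    elif allowed(enclave, actor, "propose", actor.org):
        # Auto-approval removes the connected organization's review step.
        status = "Active" if actor.org in enclave.auto_approve else "Pending"
    else:
        raise PermissionError(f"{actor.name} ({actor.role}) cannot add or propose members")
    enclave.members[user] = (actor.org, status)
    return status

def approve(enclave, actor, user):
    """Connected-organization managers turn a Pending proposal into an Active membership."""
    org, status = enclave.members[user]
    if not allowed(enclave, actor, "approve", org):
        raise PermissionError(f"{actor.name} cannot approve requests in this Enclave")
    if status == "Pending":
        enclave.members[user] = (org, "Active")
    return enclave.members[user][1]

# Constructed sample data: organization and user names are invented for illustration.
def sample_enclave():
    return Enclave(owner_org="Acme", connected_org="Acme",
                   user_orgs={"Vendor", "Partner"}, auto_approve={"Partner"})

if __name__ == "__main__":
    e = sample_enclave()
    print(request_membership(e, Actor("victor", "Vendor", "Org Manager"), "vera"))
    print(approve(e, Actor("alice", "Acme", "Org Admin"), "vera"))
```

Organizations with auto-approval enabled reach Active without the connected organization's review, so they are the entries to look at first in an access review.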