Skip to main content

Hierarchy

The Frame platform uses a hierarchical approach to organizing administration and access to accounts. In this section, we'll define each tier and the intended configuration strategy at each level.

Customers

The Customer tier is the highest tier within the Frame platform. This is the tenant with an attached subscription for a single business entity. Customers can attach their identity provider(s) and infrastructure at the Customer level.

note

As a general rule, we advise you register your identity provider and infrastructure at the Customer level so all Organizations and Accounts can use those resources, unless you have a need to restrict use of identity providers and infrastructures to specific Organizations and Accounts.

Organizations

The Organization tier is the middle tier within the Frame platform, residing between Customers and Accounts. There can be many organizations listed under one Customer depending on the use case. A business may use organizations to set up unique environments for different departments within their company.

Customers can attach their identity provider(s) and infrastructure at the Organization level. If they do, then the identity provider and infrastructure integrations can only be used at that Organization and Accounts under the Organization.

Accounts

This is where an admin will install and configure their applications and configure their production VMs. This is also where admins will create Launchpads for their end users. When an end user logs into Frame, they are accessing one of the accounts listed under an Organization and any of the workload VMs configured for it.

Administrator Roles

The table below describes every available type of user and administrator role, including where they fall in the Frame entity hierarchy and their permissions.

Role
Permissions
Customer
Organization
Account
End User
API

Launchpad Users

  • Users with the Customer Administrator role can access all Launchpads for all Accounts on their Frame Platform.

  • Users with Organization Administrator role can access all Launchpads within the Accounts owned by the Organizations that they have administrator rights to.

  • Users with Account Administrator role can access all of the Launchpads within the Accounts that they have administrator rights to.

  • Users with only Launchpad User permissions access Launchpads that are configured by the administrators. A user can access multiple Launchpads from multiple accounts if configured this way by the administrators. When logging into an account, the user will see their assigned Launchpads configured by their administrator and access their applications from there. Users can be given access to one or more accounts within multiple organizations as set by the admins of those respective levels.