Enterprise Admin Dashboard
As part of Trello Enterprise, Enterprise admins have access to an Enterprise-wide management dashboard where they can view all Trello members related to an Enterprise, and view and manage permissions for teams and boards within their Enterprise. Right now, the dashboard is per-Enterprise, so if your team has both enforced-SSO teams and SSO-as-a-convenience teams, you'll access those dashboards separately.
Open the Dashboard
The dashboard is accessible to admins for your Enterprise(s). Your Enterprise Account Manager can confirm who those users are if you're uncertain. Team admins are not automatically Enterprise admins.
An Enterprise admin can access the dashboard by clicking the suitcase icon in the top right of the screen.
The top of the screen lists the Enterprise's name and whether it requires its team members to log in using SSO or not.
On the left of the dashboard, you'll see a way to navigate between Enterprise members, teams, and security settings. The dashboard will also show your Enterprise seat number and how many seats have been used.
The Enterprise Members tab on the Enterprise Admin Dashboard displays all billable accounts that are active on teams within your Enterprise. Enterprise Admin can manage the accounts associated with each category by selecting the link.
To learn more about the different membership types, check out Managing Licensed Members on the Enterprise Admin Dashboard.
Enterprise Members page on Enterprise Admin Dashboard.
You can filter your view of members by which team(s) they’re on, whether or not they’ve been transferred into your Enterprise, when their last login was, and if they’re a team admin or Enterprise admin.
Filtering by admin status
To search for a specific member, type their name or username in the search box in the top right of the dashboard.
Enterprise Member Management
To add/remove or deactivate/reactivate members from Enterprise teams, select the checkbox for one or more members (or click “Select All” to select every member in your Enterprise), and then click “Teams…” in the yellow bar at the top of the members list. From here, you can choose to add, remove, deactivate, or reactivate the selected members to the desired team.
After performing one of these actions, you'll see a status message about the members—who was successfully added/removed, who was already in the team, and who can't be added to/removed from the team because of policy restrictions around email domain addresses, etc.
Adding an Enterprise member to an Enterprise team
Enterprise Admin Privileges and Deactivation
To grant or revoke Enterprise Admin privileges, or deactivate members from your Enterprise, select the checkbox for one or more members, and then click “Enterprise…” in the yellow bar at the top of the members list. From here, you can choose to make selected members Enterprise admins, remove Enterprise admin status, or deactivate selected members from the Enterprise.
Revoking Enterprise Admin privileges from Enterprise members
Other Member Types
In addition to the main Members tab that displays members that are active in teams within your Enterprise, there are three additional sub-pages to view other types of members of your Enterprise:
- Free Managed Accounts: Free accounts that use SSO but aren't in any Enterprise teams.
- Board Guests: Free accounts that are collaborators outside of your Enterprise.
- Deactivated Accounts: Accounts that have been deactivated from the Enterprise and all Enterprise teams
The Enterprise Teams tab on the Enterprise Admin Dashboard displays all teams that have been approved to be part of your Enterprise. All of your team and power-up settings (mentioned later on this page) apply to the members and boards within these teams.
Enterprise Teams tab on Enterprise Admin Dashboard
The Non-Enterprise Teams tab will display any team that does not belong to the Enterprise but all admins are managed members of the Enterprise. Enterprise Admin can choose to add the team to the Enterprise here and are subjected to the security settings of the Enterprise.
The Pending tab under Teams will display any team that has requested to join your Enterprise. On this page, you can either approve the request, which will make the team appear within the main Teams list, or you can deny the request, meaning the requesting team will not be approved to join your Enterprise.
Team & Board Permissions
The Team & Board Permissions tab provides enterprise-wide permissions settings that apply to all teams within your Enterprise. In many of these settings, you can either specify a permission that applies to every team in your Enterprise, or you can choose to let team admins decide how to handle the permission on a per-team basis.
For more specific information on the Team Settings tab, please see Enterprise Wide Permissions.
Permissions that apply to all teams within an Enterprise
The Attachment Restrictions tab allows you to allow or restrict specific attachment types on Enterprise boards. Trello card attachments are always allowed.
Attachment security administration
The Public Boards tab allows you to view and change visibility of all public boards that are within Enterprise teams. For more, see Managing Public Boards Within an Enterprise.
Public boards that have been created within Enterprise teams
Enterprise Power-Up Administration allows administrators to control which Power-Ups are allowed to be added to boards within the Enterprise. This feature also gives visibility into which Power-Ups are currently in-use within the Enterprise and how many boards they’re used on.
For more, see Enterprise Power-Up Administration.
Enterprise Power-Up Administration
The Audit Log tab allows administrators to export a log activities performed by Enterprise Admin. The logs are exported to Google Sheets and include pending team approvals, membership changes, enterprise-wide permission settings, and power-up administration, and more.
The SSO Setup tab allows administrators to self-service SSO setup on the Enterprise. For more, see Configuring SSO for your Enterprise. When you're ready to enforce SSO, reach out to let us know, and we'll be happy to get that process started!
The SSO Setup tab will not appear if SSO is provided by Atlassian Access, and there will be a separate Atlassian Access tab instead.
Configuring Trello SSO Setup
Atlassian Access SSO
If your Trello Enterprise uses Atlassian Access for SSO, you'll see an Atlassian Access tab on your Enterprise Dashboard. For more on connecting Enterprise to Atlassian Access, see Linking a Trello Enterprise to an Atlassian Organization.
The API Tokens tab allows Admin to see the personal server tokens from third-party integrations and Trello Mobile app sessions that managed Enterprise members have authorized. Admin can filter by Power-Up and Mobile Session token type and delete the API tokens to remove authorization to the integration.
Power-Up and Mobile Session tokens are independent and one token type can be deleted without affecting the other token type.
When it comes to third-party Power-Ups, Admin cannot see specific integration names and must delete all third-party integration tokens authorized by a user.
API Token Restriction
Admin can also choose to restrict managed users from creating new API tokens. If this option is ticked, managed users who try to authorize an available third-party integration will see a message with a '400' error code and a suggestion to contact their Enterprise Admin team for authorization. To provide this authorization, an Enterprise Admin must temporarily un-tick the option 'Do not allow manage members to create new API tokens' and allow the user to authorize the Power-Up to create the token. Once the Power-Up is authorized the Enterprise Admin will need to tick the option again to block new tokens going forward.
Managed user's API token seen by an Enterprise Admin
Mobile Session Tokens
Deleting a user's Mobile Session token will immediately log the user out of any devices using the Trello Mobile app. The user will be prompted to log in again the next time they open the app. If Admin selects to restrict managed members from creating new API tokens, active managed users can still create Mobile Session tokens and log back into the app.