Enterprise Admin Dashboard
As part of Trello Enterprise, Enterprise admins have access to an Enterprise-wide management dashboard where they can view all Trello members related to an Enterprise, and view and manage permissions for Workspaces and boards within their Enterprise.
Open the dashboard
The dashboard is accessible to admins for your Enterprise. Your Enterprise account manager can confirm who those users are if you're uncertain. Workspace admins are not automatically Enterprise admins.
An Enterprise admin can access the dashboard by clicking the suitcase icon in the top right of the screen.
The top of the screen lists the Enterprise's name and whether it requires its Workspace members to log in using SSO or not.
On the left of the dashboard, you'll see a way to navigate between Enterprise members, Workspaces, and security settings. The dashboard will also show your Enterprise seat number and how many seats have been used.
The Enterprise Members tab on the Enterprise Admin Dashboard displays all billable accounts that are active on Workspaces within your Enterprise. Enterprise Admin can manage the accounts associated with each category by selecting the link.
To learn more about the different membership types, check out Managing Licensed Members on the Enterprise Admin Dashboard.
Enterprise Members page on Enterprise Admin Dashboard.
You can filter your view of members by which Workspace(s) they’re on, whether or not they’ve been transferred into your Enterprise, when their last login was, and if they’re a Workspace admin or Enterprise admin.
Filtering by admin status
To search for a specific member, type their name or username in the search box in the top right of the dashboard.
Enterprise member management
To add/remove or deactivate/reactivate members from Enterprise Workspaces, select the checkbox for one or more members (or click “Select All” to select every member in your Enterprise), and then click “Workspaces…” in the yellow bar at the top of the members list. From here, you can choose to add, remove, deactivate, or reactivate the selected members to the desired Workspace.
After performing one of these actions, you'll see a status message about the members—who was successfully added/removed, who was already in the Workspace, and who can't be added to/removed from the Workspace because of policy restrictions around email domain addresses, etc.
Adding an Enterprise member to an Enterprise Workspace
Enterprise admin privileges and deactivation
To grant or revoke Enterprise Admin privileges, or deactivate members from your Enterprise, select the checkbox for one or more members, and then click “Enterprise…” in the yellow bar at the top of the members list. From here, you can choose to make selected members Enterprise admins, remove Enterprise admin status, or deactivate selected members from the Enterprise.
Revoking Enterprise Admin privileges from Enterprise members
Other member types
In addition to the main Members tab that displays members that are active in Workspaces within your Enterprise, there are three additional sub-pages to view other types of members of your Enterprise:
- Free Managed Accounts: Free accounts that use SSO but aren't in any Enterprise Workspaces.
- Board Guests: Free accounts that are collaborators outside of your Enterprise.
- Deactivated Accounts: Accounts that have been deactivated from the Enterprise and all Enterprise Workspaces
The Enterprise Workspaces tab on the Enterprise Admin Dashboard displays all Workspaces that have been approved to be part of your Enterprise. All of your Workspace and power-up settings (mentioned later on this page) apply to the members and boards within these Workspaces.
Enterprise Workspaces tab on Enterprise Admin Dashboard
The Non-Enterprise Workspaces tab will display any Workspace that does not belong to the Enterprise but all admins are managed members of the Enterprise. Enterprise Admin can choose to add the Workspace to the Enterprise here and are subjected to the security settings of the Enterprise.
The Pending tab under Workspaces will display any Workspace that has requested to join your Enterprise. On this page, you can either approve the request, which will make the Workspace appear within the main Workspaces list, or you can deny the request, meaning the requesting Workspace will not be approved to join your Enterprise.
Workspace & Board Permissions
The Workspace & board permissions tab provides enterprise-wide permissions settings that apply to all Workspaces within your Enterprise. In many of these settings, you can either specify a permission that applies to every Workspace in your Enterprise, or you can choose to let Workspace admins decide how to handle the permission on a per-Workspace basis.
For more specific information on the Workspace Settings tab, please see Enterprise Wide Permissions.
Permissions that apply to all Workspaces within an Enterprise
The Attachment restrictions tab allows you to allow or restrict specific attachment types on Enterprise boards. Trello card attachments are always allowed.
Attachment security administration
The Public boards tab allows you to view and change visibility of all public boards that are within Enterprise Workspaces. For more, see Managing Public Boards Within an Enterprise.
Public boards that have been created within Enterprise Workspaces
Enterprise Power-Up administration allows administrators to control which Power-Ups are allowed to be added to boards within the Enterprise. This feature also gives visibility into which Power-Ups are currently in-use within the Enterprise and how many boards they’re used on.
For more, see Enterprise Power-Up Administration.
Enterprise Power-Up Administration
The Audit Log tab allows administrators to export a log activities performed by Enterprise Admin. The logs are exported to Google Sheets and include pending Workspace approvals, membership changes, enterprise-wide permission settings, and power-up administration, and more.
The SSO Setup tab allows administrators to self-service SSO setup on the Enterprise. For more, see Configuring SSO for your Enterprise. When you're ready to enforce SSO, reach out to let us know, and we'll be happy to get that process started!
Configuring Trello SSO Setup
On newer versions of Trello Enterprise, SSO is managed through Atlassian Access rather than directly through the Trello Enterprise Dashboard.
In this case, you'll still see the SSO Setup tab. However, instead of seeing the setup form on that page, you'll instead find information on how to manage your SSO settings through Atlassian Access.
Atlassian Access SSO
SSO for Trello is enforced through Atlassian Access. If you've linked your Trello Enterprise with an Atlassian Org, that link will show here. If you haven't linked your Trello Enterprise with an Atlassian Org, this is where it's done! For more on connecting Enterprise to Atlassian Access, see Linking a Trello Enterprise to an Atlassian Organization.
The API Tokens tab allows Admin to see the personal server tokens from third-party integrations and Trello Mobile app sessions that managed Enterprise members have authorized. Admin can filter by Power-Up and Mobile Session token type and delete the API tokens to remove authorization to the integration.
Power-Up and Mobile Session tokens are independent and one token type can be deleted without affecting the other token type.
When it comes to third-party Power-Ups, Admin cannot see specific integration names and must delete all third-party integration tokens authorized by a user.
API Token Restriction
Admin can also choose to restrict managed users from creating new API tokens. If this option is ticked, managed users who try to authorize an available third-party integration will see a message with a '400' error code and a suggestion to contact their Enterprise Admin Workspace for authorization. To provide this authorization, an Enterprise Admin must temporarily un-tick the option 'Do not allow manage members to create new API tokens' and allow the user to authorize the Power-Up to create the token. Once the Power-Up is authorized the Enterprise Admin will need to tick the option again to block new tokens going forward.
Managed user's API token seen by an Enterprise Admin
Mobile Session Tokens
Deleting a user's Mobile Session token will immediately log the user out of any devices using the Trello Mobile app. The user will be prompted to log in again the next time they open the app. If Admin selects to restrict managed members from creating new API tokens, active managed users can still create Mobile Session tokens and log back into the app.