This article explains Blink's Restricted Directory feature and includes:
Feature summary
This feature caters to our enterprise clients that comprise multiple companies or units and require each to operate as separate entities on Blink.
This feature enables organizations to segment their user directory per company, restricting users from viewing and communicating directly with others outside of their designated company.
If required, the organization can still enable communication channels across companies for basic users by creating organization-level teams that support team channels and feed posts for group interaction.
Restrictions by roles
Restrictions apply to Basic Users and Team Admins. They do not apply to Org Admins or Content Moderators.
The below table shows the user experience by role when Restricted Access is turned on:
Role | Directory | Chats | Feed |
Basic User | Restricted by Company | Restricted by Company | Restricted by Company |
Team Admin | Restricted by Company | Restricted by Company | Restricted by Company |
Content Moderator | Unrestricted | Unrestricted | Unrestricted |
Org Admin | Unrestricted | Unrestricted | Unrestricted |
The below diagram outlines the experience of Alice, a Basic User who belongs to Company One.
Summary:
Alice is able to view and initiate communication with everyone else in Company One.
Alice is not able to view or initiate communication with other basic users from Company Two.
Alice is not able to view or initiate communication with Org Admins or Content Moderators from Company Two.
Exceptions:
Alice can view and initiate communication with her line manager or direct reports in the instance where they are members of another company.
Org Admins and Content Moderators from Company Two can still initiate communicate with Alice (even though she can’t initiate communication with them).
How to restrict directory
Speak to your designated CSM or reach out to support@joinblink.com if you want to turn this feature on. The Blink team can release the feature to your instance so that an Org Admin can access it and turn it on.
Go to Org Setup > Profile Permissions > Restrict access to Directory by company:
The feature can only be turned on if all your users have been assigned to a company. If you have users that aren’t assigned to a company, you will receive an error message:
Assigning users to a Company
The Company Name field is mandatory if you are choosing to Restrict Directory access by company.
By populating the Company Name field against a user profile, that user is assigned to the specified company.
See Company Name against the user profile:
The method for populating Company Name against all your users will depend whether your user data is SCIM or non-SCIM managed.
SCIM managed users
Update your third party database so your users have company field populated. Your next data sync will pull the data into Blink and you can turn the feature on.
Once the Restricted Directory feature has been turned on, you will be required to provision Company Name for all users.
Example error from Azure if Company Name is not provided:
Non-SCIM managed users
If your data is not SCIM managed, you will need to ensure the Company Name field is populated when importing your user data into Blink:
An error will show if you attempt to import users without Company Name:
For more information on how to import users into Blink, please refer to Importing your users.
Inviting users manually
When manually inviting a new user to join Blink, you must enter a Company Name for the invitee if your organization has Restricted Directory access by Company. This is to ensure all new users are located in a company and seeing the correct experience in their Blink instance.
A restricted user’s experience on Blink
Basic users with a restricted Directory will only be able to view and initiate conversation with users from the same company. This specifically applies to initiating chats or sending direct Feed posts, which would only be possible between basic users from the same company.
Directory (showing users from a single company):
Should an organization wish to enable cross-company communication between basic users, they can do so by creating an organization-level team.
Cross-company communication
Cross-company communication refers specifically to basic users having access to team channels and team feed posts when the team is made up of users from different companies.
Cross-company communication can be enabled depending on how you set up your teams. To read more about how to create teams on Blink, see here for further details.
Organizations have the freedom to add anyone to a team. This is significant for organizations choosing to restrict Directory access by company because you can still add people from different companies to the same team. In this instance, basic users from multiple companies who are in the same team will have access to a team channel and to team feed posts.
Teams with members from multiple companies are called organization-level teams.
Teams with members from the same company are called company-level teams.
Let’s address company-level teams first.
Company-level Teams
A Company-level team can be created manually or dynamically.
If you are creating it manually, you must choose members who are from a single company for it to count as a company-level team.
If you are creating it dynamically, you must use a single Company Name in your configuration rules:
Organization-level Teams
An organization-level team can be created manually or dynamically.
If you are creating it manually, you can choose members from multiple companies to be a part of your team.
If you are creating it dynamically, you can either use multiple Company names in your configuration rules, or exclude using Company Name within your configuration.
By setting up organization-level teams, you are enabling basic users from different companies to engage with one another within the team channel and via the team’s feed posts.
Organization-level teams do not change the status of your Restricted Directory. Users within an organization-level team who have a restricted Directory by company can still only view and reach out to others from their company.
Team Channels for Organization-level Teams
This feature may need to be turned on for your organization. Read here for further information.
Team Admins can choose to create channel(s) for their organization-level team. This will provide a ‘group chat’ space for all or some of the team members. The team members can add or remove themselves to the channel at any time.
All team members will be able to view one another’s input into the channel, whether they are from the same or different companies.
Organization-level team Feed posts
For Organization-level teams where the privacy setting allows members to post and comment , these will be visible to all team members from across multiple companies.
Mini-profiles
Mini profiles are visible to basic users who belong to the same organization-level team but are from different companies. Should basic user from Company One click on a team member from Company Two, they will be presented with a mini-profile showing very limited information.
Unlike a standard Blink profile, a mini profile excludes:
A chat button
email
phone (work or mobile)
skype name
manager ID
location ID / name
employee ID
“About me” description
user presence message
Standard Blink profile:
Mini-profile:
Users who change company
If your users change between companies, simply update their Company Name so that their directory is restricted to their new company.
If a basic user moves from Company One to Company Two, they will still see their historic chats from Company One. However, they will no longer be able to search for or view their colleagues from Company One.