This article explains Blink's Restricted Directory feature and includes:
Feature summary
This feature caters to our enterprise clients that comprise multiple companies or units and require each to operate as separate entities on Blink.
This feature enables organizations to segment their user directory per company, restricting users from viewing and communicating directly with others outside of their designated company.
If required, the organization can still enable communication channels across companies for basic users by creating organization-level groups that support group channels and feed posts for group interaction.
Restrictions by roles
Restrictions apply to Basic Users and Group Admins. They do not apply to Org Admins or Content Moderators, as illustrated by the table below.
Role | Directory | Chats | Feed |
Basic User | Restricted by Company | Restricted by Company | Restricted by Company |
Group Admin | Restricted by Company | Restricted by Company | Restricted by Company |
Content Moderator | Unrestricted | Unrestricted | Unrestricted |
Content Creator | Restricted by Company | Restricted by Company | Restricted by Company |
People Admin | Restricted by Company | Restricted by Company | Restricted by Company |
Support Admin | Restricted by Company | Restricted by Company | Restricted by Company |
Org Admin | Unrestricted | Unrestricted | Unrestricted |
The below diagram outlines the experience of Alice, a Basic User who belongs to Company One.
Summary:
Alice is able to view and initiate communication with everyone else in Company One.
Alice is not able to view or initiate communication with other basic users from Company Two.
Alice is not able to view or initiate communication with Org Admins or Content Moderators from Company Two.
Exceptions:
Alice can view and initiate communication with her line manager or direct reports in the instance where they are members of another company.
Org Admins and Content Moderators from Company Two can still initiate communicate with Alice (even though she can’t initiate communication with them).
How to restrict directory
Speak to your designated CSM or reach out to support@joinblink.com if you want to turn this feature on. The Blink team can release the feature to your instance so that an Org Admin can access it and turn it on.
Go to Org Setup > Profile Permissions > Restrict access to Directory by company:
The feature can only be turned on if all your users have been assigned to a company. If you have users that aren’t assigned to a company, you will receive an error message:
Assigning users to a Company
The Company Name field is mandatory if you are choosing to Restrict Directory access by company.
By populating the Company Name field against a user profile, that user is assigned to the specified company.
See Company Name against the user profile:
The method for populating Company Name against all your users will depend whether your user data is SCIM or non-SCIM managed.
SCIM managed users
Update your third party database so your users have company field populated. Your next data sync will pull the data into Blink and you can turn the feature on.
Once the Restricted Directory feature has been turned on, you will be required to provision Company Name for all users.
Example error from Azure if Company Name is not provided:
Non-SCIM managed users
If your data is not SCIM managed, you will need to ensure the Company Name field is populated when importing your user data into Blink:
An error will show if you attempt to import users without Company Name:
For more information on how to import users into Blink, please refer to Importing your users.
Inviting users manually
When manually inviting a new user to join Blink, you must enter a Company Name for the invitee if your organization has Restricted Directory access by Company. This is to ensure all new users are located in a company and seeing the correct experience in their Blink instance.
A restricted user’s experience on Blink
Basic users with a restricted Directory will only be able to view and initiate conversation with users from the same company. This specifically applies to initiating chats or sending direct Feed posts, which would only be possible between basic users from the same company.
Directory (showing users from a single company):
Should an organization wish to enable cross-company communication between basic users, they can do so by creating an organization-level group.
Cross-company communication
Cross-company communication refers specifically to basic users having access to group channels and group feed posts when the group is made up of users from different companies.
Cross-company communication can be enabled depending on how you set up your groups. To read more about how to create groups on Blink, see here for further details.
Organizations have the freedom to add anyone to a group. This is significant for organizations choosing to restrict Directory access by company because you can still add people from different companies to the same group. In this instance, basic users from multiple companies who are in the same group will have access to a group channel and to group feed posts.
Groups with members from multiple companies are called organization-level groups while groups with members from the same company are called company-level groups.
Company-level Groups
A Company-level group can be created manually or dynamically.
If you are creating it manually, you must choose members who are from a single company for it to count as a company-level groups.
If you are creating it dynamically, you must use a single Company Name in your configuration rules:
Organization-level Groups
An organization-level group can be created manually or dynamically.
Manually | Dynamically |
If you are creating it manually, you can choose members from multiple companies to be a part of your group. | If you are creating it dynamically, you can either use multiple Company names in your configuration rules, or exclude using Company Name within your configuration. |
By setting up organization-level groups, you are enabling basic users from different companies to engage with one another within the groups channel and via the group's feed posts.
Organization-level groups do not change the status of your Restricted Directory. Users within an organization-level group who have a restricted Directory by company can still only view and reach out to others from their company.
Group Channels for Organization-level groups
This feature may need to be turned on for your organization. Read here for further information.
Group Admins can choose to create channel(s) for their organization-level group. This will provide a ‘group chat’ space for all or some of the group members. The group members can add or remove themselves to the channel at any time.
All group members will be able to view one another’s input into the channel, whether they are from the same or different companies.
Organization-level group Feed posts
For organization-level groups where the privacy setting allows members to post and comment , these will be visible to all group members from across multiple companies.
Mini-profiles
Mini profiles are visible to basic users who belong to the same organization-level group but are from different companies. Should basic user from Company One click on a group member from Company Two, they will be presented with a mini-profile showing very limited information.
Unlike a standard Blink profile, a mini profile excludes:
A chat button
email
phone (work or mobile)
skype name
manager ID
location ID / name
employee ID
“About me” description
user presence message
Standard Blink profile:
Mini-profile:
Users who change company
If your users change between companies, simply update their Company Name so that their directory is restricted to their new company.
If a basic user moves from Company One to Company Two, they will still see their historic chats from Company One. However, they will no longer be able to search for or view their colleagues from Company One.