Enterprise onboarding checklist

To set up a productive Enterprise team in Postman, walk through the following general tasks. It's recommended that you first identify your Admins, Super Admins, and Billing users, then set up your Identity Provider (IdP), verify your domains, and assign groups and roles to your users before you enable your Enterprise team.

You can download and install the Postman desktop app for Windows, Mac, and Linux. You can also access Postman on the web with the Postman Agent.

If you're using the Postman web app, Postman recommends using the Postman Desktop Agent for the best experience. See About the Postman Agent for more information.

Assign roles

The Admin and Billing roles are essential to the setup and operation of Postman Enterprise teams, so these are the first users that you need to set up.

Postman provides two free support users per account.

Assign the Admin user

You'll need to set up an Admin user first. This user doesn't consume a license, so it's good practice to create this user first so you can then create other users and configure your SCIM and SSO.

While the person at your organization who is the primary Postman contact is a good candidate for this role, it's not an ideal long-term solution. You can temporarily assign them the Admin role for the purposes of setting up your Enterprise team. However, it's highly recommended that you set up a service account for this role. Use an identifiable email address, such as postman-admin@example.com, for this purpose because users in Postman are identified by their email address.

Assign the Billing role

Another often-used role is a user with access to your billing-related functions in Postman. Like the Admin user, the Billing role doesn't consume a license. You can assign this role to an email address assigned to your organization's accounts payable group.

The Super Admin role

Some operations, like SCIM, work best when configured by a user with the Super Admin role because this role provides maximum control over these operations. If the Super Admin user is removed from the team, these operations stop functioning. To ensure you keep continuity of services, it's recommended that you create a service user, such as postman-admin@example.com, with the Super Admin role that isn't tied to any individual.

Set up your Identity Provider

This step can take some time if you have to work with other groups in your organization. It's recommended that you coordinate with other groups as early as possible to avoid delays.

If you're setting up an Identity Provider (IdP) with Postman, this step will vary depending on the IdP your organization uses:

  • To configure your Single Sign On (SSO), find the instructions in Intro to SSO.
  • To automate the creation and de-provisioning of users with your IdP (recommended), see SCIM provisioning overview.
  • If you can't use SCIM, Postman supports just-in-time (JIT) user provisioning with SAML. However, JIT doesn't allow you to invite users directly from Postman when added to the IdP. It also doesn't support automatically assigning users to groups and roles, or automatically removing users from your team. You must perform these actions manually.

Verify your domains

Domain verification enables Postman to trust your Enterprise team and its connection to your organization. When you verify your organization's domain, Team Admins can seamlessly add users who verified their email addresses with the relevant domain to your team. Users won't need to accept an invite to join your team and instantly onboard with all the resources they need. Domain verification is one of the prerequisites for enabling domain capture.

Like setting up an IdP, domain verification configuration can take some time if you have to work with other groups in your organization. It's best to get a head start by referring to Configure domain verification and account capture in Postman and identify the required steps, then contacting your domain's administrator.

Assign your users to groups

With Postman, you can organize users into groups that reflect your organization's structure. You can use groups to assign specific roles to users so they have access to the resources they need in Postman on day one with your IdP.

Groups also enable you to assign Team roles in Postman. For example, you can configure your IdP to automatically assign specific team members with access to certain Postman roles based on their organization or job title position. These details depend highly on which IdP you use, so work with your IdP manager or IdP documentation get set up.

Assign roles to your users

Postman supports several Team roles that have various access across the team. Consider which users you want to grant these roles to and whether you want to assign these roles automatically with user groups.

Enable your team

Once you configure your IdP and SSO, verify your domains, and assign user groups, you can begin adding members to your team with IdP. Once your IdP is configured to create users in your team, it's highly recommended that you use your IdP to manage the user life cycle because:

  • Manually adding users directly to Postman won't grant them access. This is because the IdP isn't aware of these users and may not grant them access with SSO.
  • Manually removing users directly from Postman can cause errors in your IdP because it will try to update users that no longer exist in Postman.

Inform your existing Postman users that they're under SSO control and provide them with instructions for how to access it. New users added to the team through your IdP are sent invitations by email to join the team. You will also want to document how users can request access to the Postman Enterprise team directly from your IdP.

Questions

If you have any questions or run into any issues setting up Postman for your team, check out the Postman support center or explore the Postman Community.

Last modified: 2024/04/15