Customer Getting Started Guide

this guide is a step by step walkthrough of the shi one onboarding process note that the person who performs this onboarding process will be designated as the shi one admin responsible for setting up the account the onboarding process has three parts complete the shi one organization registration choose how your organization's users will sign in set up security groups if your organization's shi one account has already been set up, jump ahead to the customer getting started guide /#first time login for users section below first time login process initial account setup login for admin use chrome, edge, or firefox as your browser internet explorer is not supported when you receive the shi one portal onboarding email, click the start onboarding process button confirm your email address a verification code is sent to you email, which you then confirm fill in the shi one organization registration choose how your organization's users will sign in microsoft office 365/azure ad sso (recommended) google sso register new shi one user accounts microsoft office 365/azure ad sso if you select microsoft sso, you will be asked if you are an o365/azure ad admin if you are an o365/azure ad admin, you can authorize the sso connection by clicking the grant tenant wide admin consent to shi one button if you are not an o365/azure ad admin, send the below url to your organization's o365/azure admin (usually someone on your it team) to authorize the application on your behalf https //login microsoftonline com/common/adminconsent?client id=612f0fa7 b4f7 44b9 8684 5e0c36200771 the o365/azure admin's email address must match the organization's email in shi one if the email for the account in shi one is @bird com then the o365/azure admin's email must also be @bird com if the email for the account in shi one is @bird com but the o365/azure admin's email is @bird onmicrosoft com, they will not be able to grant permission or sign in to shi one to add a second email domain to your shi one account, click here setting up google sso to grant sso permissions to shi one, you have two options if you are a google admin, sign in to google and authorize the shi one application if you do not have permission to grant authorization yourself, contact your organization's google admin (usually someone on your it team) to authorize the application on your behalf the google admin's email address must match the organization's email in shi one if the email for the account in shi one is @bird com then the admin's email must also be @bird com if the email for the account in shi one is @bird com but the google admin's email is @bird google com, they will not be able to grant permission or log into shi one to add a second email domain to your shi one account, click here shi one manual account registration choosing this option requires all users to manually register their accounts the first time they sign in fill out the shi one organization registration verify the registration click on register an account verify your email sign in once these steps are complete, scroll to customer getting started guide /#all about security groups below to complete the onboarding process onboarding is not complete until security groups are configured first time login for users use chrome, edge, or firefox as your browser internet explorer is not supported navigate to https //one shi com and you will see the following login options click the login option used by your organization if you don't know which option to use, first try the microsoft login option, then the google login option if the microsoft and google login options haven't yet been activated by your organization's admin, click the shi one login option at the bottom of the menu, click don't have a login? register an account type in your email address and desired password click register if you see 'error the user already exists', you should click 'already have a login? log in to your account' then click 'forgot password?' check your email inbox for a verification email follow the instructions in the verification email to finish registering your login sign in to shi one using the shi one login option 'approval required', 'needs permission', or 'requires admin approval' if you try to sign in using the microsoft login option and see a message similar to the following a login message which includes text such as 'approval required', 'this app required your admin's approval to sign in and read user profile', and 'enter justification for requesting this app'a login message which includes text such as 'you can't access this application' and 'myapp needs permission to access resources in your organization that only an admin can grant please ask an admin to grant permission to this app before you can use it ' this means your organization has not yet granted shi one the necessary sso permissions s end this url to an o365/azure admin in your organization (usually someone on your it team) to authorize the application on your behalf https //login microsoftonline com/common/adminconsent?client id=612f0fa7 b4f7 44b9 8684 5e0c36200771 once permission is granted, you will sign in using the microsoft sso login option while you wait for permission to be granted, you can sign in to shi one using the shi one login option click the shi one login option, click 'don't have a login? register an account', complete the registration process, then sign in to shi one using the shi one login option once sso permission is granted, you will use the microsoft sso login option 'your account is pending approval from your company administrator' this means your organization's shi one admin has not yet approved your shi one profile your organization's shi one admin can approve your profile within shi one by following these steps navigate to settings > user management click the awaiting approval tab to the right of each email address, click the role drop down and choose either user or admin click the save button in the upper right once your organization's shi one admin has approved your profile, you will be able to sign in to shi one 'your administrator has configured the application shi one portal to block users unless they are specifically granted access to the application' a login message which includes the text 'your administrator has configured the application shi one portal to block users unless they are specifically granted access to the application the signed in user is blocked because they are not a direct member of a group with access, nor had access directly assigned by an administrator please contact your administrator to assign access to this application 'a login message which includes the text 'your administrator has configured the application shi one portal to block users unless they are specifically granted access to the application the signed in user is blocked because they are not a direct member of a group with access, nor had access directly assigned by an administrator please contact your administrator to assign access to this application ' this means your organization's microsoft/azure admin needs to assign access within microsoft/azure for you to access shi one send this url to your organization's microsoft/azure admin (usually someone on your it team) so that they can add you to the necessary group by following the steps here https //learn microsoft com/en us/azure/devops/organizations/security/add remove manage user group security group?view=azure devops\&tabs=current page#add users or groups to a security group if you are in the necessary group and still see the same login message, access is being affected by conflicting permission inheritance from another group your microsoft/azure admin must reconcile your access permissions utilizing the information here https //learn microsoft com/en us/azure/devops/organizations/security/about permissions?view=azure devops\&tabs=preview page#permission inheritance once your access is assigned correctly in microsoft/azure, you will be able to sign in shi one using the microsoft sso login option all about security groups a security group is a designated group of users who have permission to see specific contracts or features in shi one security groups must be set up in order to complete the onboarding process admins can create and assign permissions for specific contracts to different security groups admins can add new and existing users to security groups users must be assigned to a security group before they can view any data in shi one admins can view and access all data in shi one by default all users must be assigned to a security group in order to submit support requests users can only submit requests for the contracts, permissions, and accounts associated with their assigned security group(s) admins can designate a security group manager for each security group; that security group manager can add existing users to that specific security group admins and security group managers will be notified about any security group configuration issues that may lead to users being unable to submit support requests clicking on the notification will bring you to that security group's page if a user cannot see data in shi one, it means they have not been added to a security group users can only view data for the contracts, permissions, and accounts associated with their assigned security group(s) security group setup only admins can set up security groups step 1 creating a security group click on settings > security groups if needed, s croll down to the bottom of the page and click enable security groups on the options column, click the blue + icon enter a name for that security group click create step 2 adding contracts after hitting create , click on the new security group go to the contracts tab click +add contracts in the add contracts pop up, s elect the contracts in the left column that you want to assign to this security group click the > arrow to move those contracts to the right column click add contracts to save your selections step 3 setting permissions click the blue gear icon to the right of each contract and choose which request categories for which users will be allowed to submit support requests select the specific subscriptions/accounts in the left column that this security group will access click the > arrow to move those subscriptions/accounts to the right column click save click on the permissions tab and check/uncheck the permissions that will be granted to users in this security group step 4 adding users to security groups adding existing users click on the users tab click +add users on the right in the same way you added contracts, select users in the left column and click the > arrow to move them to the right column click add users to save your choices determine each user's permissions by assigning them the manager or member role the default role is member role permissions are detailed in the roles section below removing users you can remove users from a security group at any time by clicking the trash can icon to the right of their name adding a new user in shi one please note that if you are using an identity service to use single sign on (eg entra or google sso), you can also manage access to shi one directly through that interface only admins can add, edit, and remove users on the lefthand sidebar, navigate to settings > user management click add user on the right fill in the new user's information and designate their role as user or admin role permissions are detailed in the roles section below click next assign the user to all necessary security groups click save the new user will recieve a welcome email with a link to shi one refer to the section customer getting started guide /#first time login for users for login steps editing a user on the lefthand sidebar, navigate to settings > user management select the desired user group; you will always see the active and inactive groups, but you might see up to two other groups if users are pending or awaiting approval active users users who have set up their profiles and can access shi one awaiting approval users who have not yet been approved; an admin must manually approve these users in order for them to access shi one pending profiles users who have been approved but who have not yet signed in to set up their profile inactive users users who cannot access shi one click the orange pencil icon to the right of the user edit the user's status, role, first name, last name, and/or security group assignments as needed click save note a user's email address cannot be changed within shi one as it is tied to multiple elements in the portal such as devices and support requests to change a user's email address, submit a support request and include the user's current email address and the new email address roles there are four roles within shi one user, security group manager, admin, and guest user admins can edit a user's status, role, first name, last name, and security group assignments as needed by navigating to settings > user management , clicking the orange pencil icon to the right of a user, making the desired changes, and clicking save users users are able to view data for only the contracts, permissions, and accounts associated with their assigned security group(s) submit support requests for only the contracts, permissions, and accounts associated with their assigned security group(s) view only their own support requests view information for only their own devices access this shi one knowledge base security group managers security group managers are able to a dd existing users to their assigned security group(s) granting manager permissions within their assigned security group(s) remove existing users from their assigned security group(s) be notified of configuration issues that may need to be escalated for their assigned security group(s) access this shi one knowledge base admins can designate security group managers for each security group admins admins have all user and security group manager permissions, plus are also able to support center view and update all support requests view information regarding all devices view information/usage/consumption on all contracts and services be notified of configuration issues that may need to be escalated settings generate a microsoft sso organization wide consent link (if applicable) update white label options for the shi one portal (e g logo, etc ) add new users to their account edit existing users on their account change a user's status to inactive, which removes that user's access to shi one change user roles and assign admins create and enable security groups add, edit, and remove all users across all security groups guest user guest users are temporary users that only have access to view specific features in shi one they can only be created by an shi employee on that account's team a guest user is able to view different types assessments that they are explicitly granted access to view all labs on the account how to submit a support request on the lefthand sidebar, navigate to support center > new request select the applicable request type service request initiates a new service action for a deliverable service change request for the addition, modification, or removal of anything that could impact a service report an incident for unplanned interruptions or reduction in quality of a service select the applicable contract select an issue type select a sub issue type provide a subject provide a description include as much information about the issue as possible; this will help the support center diagnose and fix the issue faster attach screenshots and/or supporting files click submit for more detailed information, visit how to report an issue in shi one docid\ ifiqmzcahh8zgse vco1x what if i can't submit a support request ? if you cannot submit a support request, it means your organization's shi one admin has not added you to the necessary security group(s) users can only submit requests for the contracts, permissions, and accounts on security group(s) they are assigned to contact your organization's shi one admin and have them add you to the necessary security group(s) delegating azure subscriptions to shi one in order to view your azure subscription data in shi one, you must first grant shi one permission to access the data in azure visit the installing azure marketplace applications docid\ tykohif8ceaz tucnnsxl page for step by step instructions on how to complete this process note that the person who performs this process must be an shi one admin and also an owner to the azure subscription(s) being delegated note that azure govcloud is not supported in shi one note that azure web direct subscriptions are not supported in shi one; cost reporting and consumption data will not display for web direct subscriptions troubleshooting the red exclamation mark if you see this error, hover over the ! ! for instructions on how to fix the configuration seeing errors log the error with screenshots and written details navigate to support center > new request > report an incident fill out the form with as much information as possible about the error, attach any screenshots, and submit the support request for more detailed information about how to submit support requests, visit how to report an issue in shi one can't submit support requests all users must be assigned to a security group in order to submit support requests users in a security group can only submit requests for the contracts, permissions, and accounts that have been assigned to that specific security group if you can't submit support requests, contact your organization's shi one admin and have them add you to the necessary security group(s) can't see azure subscription data in order to view your azure subscription data in shi one, you must first grant shi one permission to access the data in azure visit the installing azure marketplace applications docid\ tykohif8ceaz tucnnsxl page for step by step instructions on how to complete this process want to enable sso (single sign on) sso can be enabled at any time the process must be performed by an shi one admin sign in to shi one and navigate to settings > general to the right of microsoft domain consent , click the consent button this step depends on if you are also your organization's microsoft admin if you are a microsoft admin, you will be able to sign in to microsoft and grant shi one consent to enable the sso if you are not a microsoft admin, you will see a link; send that link to your organization's microsoft admin (usually someone on your it team) who can grant consent to enable the sso once consent has been granted by the microsoft admin, all users will use the microsoft sso login option to sign in to shi one trying to sign in but see 'approval required', 'needs permission', or 'requires admin approval' if you try to sign in using the microsoft login option and see a message similar to the following a login message which includes text such as 'approval required', 'this app required your admin's approval to sign in and read user profile', and 'enter justification for requesting this app'a login message which includes text such as 'you can't access this application' and 'myapp needs permission to access resources in your organization that only an admin can grant please ask an admin to grant permission to this app before you can use it ' this means your organization has not yet granted shi one the necessary sso permissions s end this url to an o365/azure admin in your organization (usually someone on your it team) to authorize the application on your behalf https //login microsoftonline com/common/adminconsent?client id=612f0fa7 b4f7 44b9 8684 5e0c36200771 once permission is granted, you will sign in using the microsoft sso login option while you wait for permission to be granted, you can sign in to shi one using the shi one login option click the shi one login option, click 'don't have a login? register an account', complete the registration process, then sign in to shi one using the shi one login option once sso permission is granted, you will use the microsoft sso login option trying to sign in but see 'your account is pending approval from your company administrator' this means your organization's shi one admin has not yet approved your shi one profile your organization's shi one admin can approve your profile within shi one by following these steps navigate to settings > user management click the awaiting approval tab to the right of each email address, click the role drop down and choose either user or admin click the save button in the upper right once your organization's shi one admin has approved your profile, you will be able to sign in to shi one trying to sign in but see 'your administrator has configured the application shi one portal to block users unless they are specifically granted access to the application' a login message which includes the text 'your administrator has configured the application shi one portal to block users unless they are specifically granted access to the application the signed in user is blocked because they are not a direct member of a group with access, nor had access directly assigned by an administrator please contact your administrator to assign access to this application 'a login message which includes the text 'your administrator has configured the application shi one portal to block users unless they are specifically granted access to the application the signed in user is blocked because they are not a direct member of a group with access, nor had access directly assigned by an administrator please contact your administrator to assign access to this application ' this means your organization's microsoft/azure admin needs to assign access within microsoft/azure for you to access shi one send this url to your organization's microsoft/azure admin (usually someone on your it team) so that they can add you to the necessary group by following the steps here https //learn microsoft com/en us/azure/devops/organizations/security/add remove manage user group security group?view=azure devops\&tabs=current page#add users or groups to a security group if you are in the necessary group and still see the same login message, access is being affected by conflicting permission inheritance from another group your microsoft/azure admin must reconcile your access permissions utilizing the information here https //learn microsoft com/en us/azure/devops/organizations/security/about permissions?view=azure devops\&tabs=preview page#permission inheritance once your access is assigned correctly in microsoft/azure, you will be able to sign in shi one using the microsoft sso login option trying to sign in but can't try the following troubleshooting steps in order make sure you are using chrome, edge, or firefox as your browser; internet explorer is not supported in your browser's url bar, go to https //one shi com/logout then close that tab clear all cookies and site data for shi one go to https //one shi com and click the microsoft login option, then the google login option, then the shi one register an account option if the register an account option says you already have an account, click the shi one 'forgot password?' option try to sign in using a different browser if the steps above do not resolve the issue, send an email to supportservices\@shicustomersupport com and include the following information the name of your organization the email address you're trying to sign in with if this is your first time signing in to shi one the browser(s) you have tried to sign in on the login method(s) you have tried (microsoft, google, shi one) screenshots of what you see after you try to sign in any other relevant information; the more information you provide, the faster the support team will be able to diagnose and fix the issue for example first time signing in, email address recently changed, stuck in loading loop, etc need to add a second email domain shi one accounts by default are associated with one single email domain; all users with that email domain are able to self service sign in in order to add a second email domain, the support desk must create a user profile for someone whose email address uses the second email domain navigate to support center > new request > service request and submit a ticket which includes the following information request that a second email domain be added to your account the user's email address with the second email domain the user's first and last name the user's phone number what role the user should have (user or admin) my question is not addressed here visit the faq docid\ auqs0idzjlqfo2u8uo6yp page for a complete list of the most frequently asked questions about shi one